Method for Secure Storage and Delivery of Media Content

ABSTRACT

The memory device contains control structures that allow media content to be stored securely and distributed in a manner envisioned by the content owner, or service providers involved in the distribution. A wide variety of different avenues become available for distributing media content using such memory devices, such as where the devices contain one or more of the following: abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content. The memory device has a type of control structures that enable a service provider (who can also be the content owner) to create a secure environment for media content distribution where end users and terminals register with the service provider, and gain access to the content in a manner controlled by the service provider. The various components to be loaded (e.g. abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content) may be generated and loaded in a secure and efficient manner.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a divisional of U.S. patent application Ser. No.11/322,812, filed Dec. 30, 2005, which claims the benefit of provisionalapplication No. 60/715,524, filed Sep. 8, 2005, both of whichapplications are hereby incorporated by reference.

BACKGROUND OF THE INVENTION

This invention is directed to systems that employ mobile storage devicesto securely store media content and deliver such content to consumers.

Consumers now use a variety of digital devices to render media content,such as music, video and games. Such devices include cellular phonehandsets, personal digital assistants (PDA), desk top, notebook orlaptop computers and a variety of media players such as MP3 players,video game machines and so on (collectively also referred to below asterminals). From the end user's point of view, it will be desirable tohave no more than one subscription for any media content. In the case ofmusic media content, for example, it will be desirable to have no morethan one music subscription and be able to play the music from thesubscription through any one of such devices. While mobile networkoperators (MNO) do allow cellular phone users to access media contentthrough handsets, such content service is typically locked to thehandsets, and does not allow the user to access such contents throughother terminals in his or her possession.

In the current market environment, companies in the music, movie andvideo game industries are concerned about unauthorized use of the mediacontent they provide. Because of the ease with which digital files canbe copied and transmitted, traditional barriers to unauthorizedexploitation of the media content are breaking down and today we witnessserious breaches of copyright owned by such companies. Existing mediarecording and rendering systems, however, still do not provide adequatesecurity to permit end users to be able to render media content usingthe above described digital devices or terminals in a manner that isentirely satisfactory for the media industry.

It is therefore desirable to provide a mobile memory system and methodwhich can be used to securely store media content and deliver suchcontent only to authorized end users through any of the digital devicesor terminals.

SUMMARY OF THE INVENTION

Non-volatile rewritable memory devices are particularly suitable as avehicle for storing media content. For example flash memory cards nowhave capacities in the multi-gigabyte range, which is much higher thanother storage media such as smartcards, and can be used to store movies,video games and a large number of music pieces. Furthermore, since flashmemory is rewritable, they are more flexible compared to high capacitynon-rewritable memories such as compact discs. The one draw back withexisting flash memory devices is that they do not provide adequatesecurity to prevent unauthorized use or access to the media contentstored on the cards. Thus once media content in non-volatile rewritablememory devices can be securely protected and controlled by or on behalfof the content owner, new avenues for distributing media content will beprovided for media companies; the end user will then be able to accessthe media content in such devices through different mobile digitaldevices without having to subscribe to multiple media services. Serviceproviders such as MNOs can also derive additional revenue by being ableto charge for the service of securely storing media content anddistributing media content in a controlled manner.

As one new avenue for distributing media content, in one embodiment, anon-volatile rewritable memory device may be pre-loaded with encryptedmedia titles so that such titles can be previewed without anyrestrictions.

In one implementation of the embodiment, such previews may compriseunencrypted portions of the encrypted media titles or unencrypted lowerquality versions of such titles. The previews may also comprise alimited number of plays or rendering of the full-length media titles.However, if the end user wishes to access the encrypted media titleswithout any restrictions or diminution in addition to their previews,the end user will have to purchase the rights to access the encryptedand unabridged media titles. After the end user purchases the right toaccess the encrypted media titles, he or she will be able to access suchtitles.

In this implementation of the embodiment, information concerningcredentials or other types of authentication information and rightsand/or rules for accessing the encrypted media titles that are availablefor preview are not pre-loaded into the device. These become availableto the end user only after the purchase; after the purchase, suchinformation is stored in the memory device.

In an alternative implementation of the embodiment, pre-loaded into theabove described non-volatile rewritable memory device are encryptedmedia titles as well as rights and/or rules which specify that onlyselected portions of the encrypted media titles or lower qualityversions of such titles are accessible without restriction or that suchtitles can be played for only a limited number of times. After paymentby the end user, the rights and/or rules stored in the memory device arethen updated to permit access to the encrypted media titles stored inthe memory device either without further restriction or with morerelaxed restrictions.

Non-volatile rewritable memory devices with security features may alsobe advantageously used by service providers to control the distributionof media content. Thus as another new avenue for media distribution,non-volatile rewritable memory devices may be provided with securityfeatures that enable service providers to create its own secureenvironment on the device. The service provider can control how themedia content stored in the device is to be used in such environment. Inone embodiment, the non-volatile rewritable memory device is providedwith a system agent which enables the service provider to create acontrol structure in a secure memory area of the device for controllingaccess to encrypted content stored in the device. The control structureenables a service provider to set up a scheme for distributing mediacontent in a flexible manner. The control structure can take the form ofa hierarchical tree, through which the service provider has many optionsin controlling how the media content can be used and accessed. Thecontrol structure can also take the form of an object referred to belowas a “rights object” where rights and/or rules are associated withaccess to specific media content and with certain authenticationrequirement(s), where access to such content is granted when suchauthentication requirement(s) is satisfied. By means of the controlstructure, a number of applications or end users may be able to accessthe same content but without sharing keys or credentials, and may beable to delegate the right for access to certain keys used to decryptand/or encrypt content.

The control structure can also allow the service provider to exercisecontrol over which terminals and accounts may access certain type ofcontent. For example, for a first category of memory devices, the mediacontent in the device can be accessed without restriction through anyend user terminal. For a second category of memory devices, thesedevices with security features can be accessed only by terminals with aparticular credential, such as an identifier or ID of a particularservice provider (e.g. MNO). Still a third category of memory deviceswith security features will then enable only a certain group of endusers such as a family to access the content in the device by means ofterminals having the particular credential, such as the ID of a mobilenetwork operator. Yet a fourth category of the rewritable non-volatilememory devices would enable content stored in the device to be accessedonly by a terminal with its own unique credential, together with theparticular service provider credential, such as the ID of a mobilenetwork operator.

The control structure created by the service provider or any otherentity may be such that it specifies certain permissions for access toone or more content encryption keys used to encrypt media content storedin the non-volatile rewritable memory device. For example, the controlstructure permits access to the one or more content encryption keys(which may be only for certain specified purposes) when pre-determinedcredentials are presented to the device. Thus when such a device isoperated, the device will determine whether credentials presented to thedevice are the pre-determined credentials and access to the one or moreof the content encryption keys is granted according to permissions fordecrypting the encrypted contents when the pre-determined credentialsare presented.

A non-volatile rewritable memory device may also enable more than oneend user to access encrypted media content stored in the device, butwhere the different end users may have different rights for accessingthe same content, or different content. Thus content visible andaccessible to one end user may not be accessible or even visible by adifferent end user. The device may store control information includinginformation on a plurality of accounts, each associated with a set ofencrypted media titles stored in the device, where each account hascorresponding credentials. When credentials associated with one accountare presented by a host or terminal to the device, the device will checkthe credentials presented to determine whether encrypted media titlesassociated with a particular account should be accessible and/orvisible. The device will then decrypt the encrypted media titlesassociated with a particular account and supply the decrypted mediatitles to the host for rendering when credentials presented by the hostare checked to be in order, such as where the presented credentialsmatch those credentials stored in the device for such account. Hence,when no credentials or the wrong credentials are presented by a host orterminal to the device, the encrypted media titles associated with aparticular account attempted to be accessed will not even be visible andwill not be accessible either. As used in this application, the terms“host” and “terminal” are used interchangeably.

The non-volatile rewritable memory device with security features may besuch that each media file stored in the device will have its own contentencryption keys or its own credentials required before access to suchkeys can be granted, and rights and/or rules in regard to how thedecrypted media files or titles can be used. In one embodiment, a rightsobject contains rights and/or rules regarding certain encrypted mediacontent, content encryption keys for decrypting and/or encrypting suchcontent and credentials required for accessing such keys. Such a rightsobject can be used as a form of the control structure referred to above.Thus, adopting this embodiment of the rights object, the memory devicewill store a number of content encryption keys available for decryptinga number of corresponding media files stored in the device and storecorresponding rights objects. It is possible for each of non-volatilerewritable memory devices manufactured to have unique keys that aredifferent from the keys in any other memory device. This will require aunique set of content encryption keys to be generated for each of thememory devices. Preferably for some applications and for enhancedsecurity, however, the rights object does not contain content encryptionkeys. Instead it contains the authentication information (e.g.credentials) needed for accessing the content encryption keys. In thismanner, an added layer of security is provided.

However, for some applications, it may be desirable to install the sameset of content encryption keys (and corresponding rights objects) intoeach of a batch of non-volatile rewritable memory devices so thatdifferent keys do not need to be installed in the different devices inthe batch during manufacturing. Each batch of non-volatile rewritablememory devices manufactured will have its own unique group of contentencryption keys and corresponding rights objects that are different fromthose in any other batch of memory devices.

According to this scheme, if a large number of such memory devices areto be manufactured, the devices are divided into a number of groups eachhaving N devices, N being a positive integer. N sets of rights objectseach containing a corresponding set of content encryption keys aregenerated. Each of the N sets of rights objects also has a correspondingset identification code for identifying one device in each of the groupsinto which such set of rights objects is to be loaded duringmanufacturing. There are thus N different set identification codes. Eachdevice has a unique identification code, and a set identification codewhich preferably is derivable from its identification code. Thus duringmanufacturing, the installation process will first derive the setidentification code of each of the devices to be manufactured from itsunique identification code. From the set identification code, thecorresponding rights object is then identified and loaded to the device.Corresponding media files that can be decrypted using the keys in suchrights objects are also loaded to the device. The media files loaded cancomprise paid media content as well as unpaid media content thatrequires payment before it can be accessed, and can comprise previews ofsuch unpaid media content available for unrestricted access.

In an embodiment of yet another aspect of the invention, the mediacontent to be stored in the non-volatile rewritable memory devices isencrypted. This means that the loading of the encrypted media contentmay be performed at non-secure facilities, which greatly simplifies themanufacturing process of the devices. In one embodiment, for example,rights objects containing content encryption keys may be loaded firstinto the devices at a secure facility. Thereafter, the devices may thenbe shipped to non-secure facilities for loading of the encrypted mediacontent the access to which is controlled by the rights object alreadyloaded in the memory devices, and the content encryption keys in theobjects then may be used to decrypt the encrypted media contents.

As noted above, non-volatile rewritable memory devices with encryptedmedia titles and previews of such titles provide new avenue for mediacontent distribution and revenue for media companies. Non-volatilerewritable memories with stored content different from the above typemay yet provide other channels of revenue for media companies and otherassociated providers. In one such configuration, media content is storedin a memory area of the non-volatile rewritable memory card where thecontent includes only selected and unencrypted portions of at least somemedia titles or lower quality unencrypted versions of such titles. Suchcards may be useful for promotional purposes, and also useful for theend user to preview media content prior to purchase. After the end userhas previewed such content, he or she may decide to purchase either thefull-length media titles or the high quality versions of such titles.After the purchase, the end user may then download such media titles tothe memory device as well as any rights object after payment.

Thus with the above described types of memory devices with previewcontent, the devices will respond to a request from the end user byrendering the unencrypted portions of the media titles or low qualityunencrypted versions of the titles or for a limited duration or numberof times. The devices will also query the user as to whether the userwishes to purchase rights to access the full length or high qualityversions of the titles. If the preview content is one where the end usercan access the full length title a limited number of times, then thememory device will query the end user after accessing the title(s) as towhether the user wishes to purchase rights to unrestricted access of thetitle(s). In one embodiment, if the user then responds by purchasingsuch title(s), the appropriate rights objects are then installed and thefull length or high quality media title(s) are installed as well if theyare not already stored on the device. After such process has beencompleted, the user may then have the full length or high quality mediatitles rendered for enjoyment, or can enjoy the titles without anyrestrictions.

Yet another alternative embodiment is where the non-volatile rewritablememory card stores encrypted media titles without also storing thenecessary keys for decrypting the titles. After purchasing the rightsfor rendering, the end user may then download the appropriate rightsobjects with the appropriate keys (or credentials for accessing suchkeys) for decrypting the media titles for enjoyment.

In still another embodiment, a non-volatile rewritable memory card withunencrypted media titles stored therein may be used for market researchpurposes. Thus also stored in the card are rights object(s) or othercontrol structures that will permit access to the media titles eitherwithin a certain time limit or a limited number of times, and the cardtracks access to the media titles and compiles an access profile basedon the tracked access. The time limit or the number of times by whichthe media titles can be played or rendered can be extended if the accessprofile already compiled is downloaded to a server for purposes such asmarket research.

In still another embodiment, a non-volatile rewritable memory card maystore one or more rights object(s) or other control structures asapplied to certain encrypted media content that can be accessed butwhere such content is not stored in a card. Such memory card may be usedas a pre-paid media content card available for purchase by end users.Since the content encryption keys (or credentials for accessing suchkeys) and rights and/or rules are already stored in the card, the enduser may be able to download the encrypted content specified under therights and/or rules in the card and decrypt such content using the oneor more content encryption keys that can be accessed by or that isstored in the card for rendering. One advantage of such card is that itpermits the end user to repeatedly download encrypted content specifiedby the rights and/or rules, so that the end user may be able to deletethe encrypted content and download the same content at a later time.This permits the user to access a large volume of media content withoutgiving up the right to access such content.

To enable a user to access readily a number of different protected mediafiles without having to provide multiple credentials, the controlstructures controlling the access to these files allow delegation of thepermission or authority to access these files to a another controlstructure, such as a designated control structure, which permits theuser to access all of such media files when a particular set ofcredentials is presented. In one embodiment, such designated controlstructure may be a playback access control record or rights object. Inanother embodiment, the permission delegated is permission for access tokeys for decrypting encrypted media files.

In the various embodiments above employing a rights object, the rightsobject contains keys used for decrypting and/or encrypting the content,and authentication requirements for accessing the keys. Additionalembodiments similar to the ones above can be implemented using anotherembodiment of the rights object where rights and/or rules for accessingcertain protected areas of the memory device are associated withcorresponding authentication requirements, so that only authorizedentities who have complied with such requirements are allowed to accessthe content stored in such areas. Such embodiment of the rights objectmay or may not contain keys. Where such embodiment of the rights objectcontains keys, the keys may be used for decrypting and/or encrypting thecontent stored in the protected areas or unprotected areas, wherecompliance with authentication requirements preferably different fromthose used for accessing the protected areas is needed for accessing thekeys.

As noted above, valuable rights and/or content may be loaded to thememory card. For this purpose, it may be important to check thecredentials of the card before such valuable content is loaded. Thusaccording to another aspect of the invention, the credentials of anon-volatile rewritable flash memory card are checked to determinewhether the card is genuine or is a counterfeit and information onwhether the card is genuine is then provided in response to thechecking. This capability may be transferred from one server to another,such as from an authentication server to the service provider server.

In one more embodiment, the rights object is backed up and restored in amanner that prevents one way of circumventing control of content by therights object. Media content is stored in a first memory area. At leastone rights object is stored in a second memory area for controllingaccess to media content stored in the first memory area. Preferably thesecond memory area is accessible for backup and restoration of said atleast one rights object only by applications that are authorized to doso. In one implementation, the second memory area is a protectedpartition accessible only by applications with credentials that aredifferent from those used to access the partition for read onlyfunctions.

In still another embodiment, a rights object is accessible for read onlyfunctions when first credentials are presented to the device and isaccessible to be copied, modified or erased when second credentialsdifferent from the first credentials are presented to the device. In oneimplementation, second credentials are presented to the device and therights object is copied, modified or erased. This process allows thenumber of copies that can be made of the rights object to be effectivelycontrolled, both in the source memory device from which the rightsobject is copied and in the recipient device to which the rights objectis copied. The total number of copies allowed prior to the copying canbe maintained to be the same and not changed by the copying. This can becontrolled by either modifying or erasing the rights object in thesource memory device and by modifying, if necessary, the rights objectprior to copying it to the recipient memory device.

In yet another embodiment, credentials of an application that isaccessing a non-volatile rewritable memory card is checked to determinewhether it is authorized to do so. An indication that said applicationis not authorized to accessing the non-volatile rewritable memory cardis provided when the credentials of the application does not meetrequirements.

The above-described features may be used individually or in anycombination to provide different avenues for distributing media contentin a secure and controlled manner.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a memory system in communication with thehost device useful for illustrating this invention.

FIG. 2 is a schematic view of different partitions of a memory and ofunencrypted and encrypted files stored in different partitions whereaccess to certain partitions and the encrypted files is controlled byaccess policies and authentication procedures useful to illustrateaspects of the invention.

FIG. 3 is a schematic view of a memory illustrating the differentpartitions in the memory.

FIG. 4 is a schematic view of file location tables for the differentpartitions of the memory shown in FIG. 3 where some of the files in thepartitions are encrypted.

FIG. 5 is a schematic view of access control records in an accesscontrolled record group and the associated key references which areuseful to illustrate aspects of the invention.

FIG. 6 is a schematic view of tree structures formed by accesscontrolled records groups and access controlled records useful toillustrate an aspect of the invention.

FIG. 7 is a schematic diagram of a tree illustrating three hierarchicaltrees of access controlled record groups to illustrate a process offormation of the trees.

FIGS. 8A and 8B are flow charts illustrating the processes carried outby a host device and a memory device such as a memory card for creatingand using a system access control record.

FIG. 9 is a flow chart illustrating a process using a system accesscontrol record to create an access controlled record group to illustratean aspect of the invention.

FIG. 10 is a flow chart illustrating a process for creating an accesscontrol record.

FIG. 11 is a schematic view of two access control record groups usefulfor illustrating a particular application of the hierarchical tree.

FIG. 12 is a flow chart illustrating a process for delegation ofspecific rights.

FIG. 13 is a schematic view of an access controlled record group and anaccess control record to illustrate the process of delegation of FIG.12.

FIG. 14 is a flowchart illustrating the process for creating a key forthe purpose of encryption and/or decryption.

FIG. 15 is a flow chart illustrating a process for removing accessrights and/or permission for data access according to an accessedcontrolled record.

FIG. 16 is a flow chart illustrating a process for requesting accesswhen access rights and/or permission to access has been deleted or hasexpired.

FIGS. 17A and 17B are flow diagrams illustrating sessions ofauthentication and access when some sessions are open.

FIG. 18 illustrates an environment in which a memory device may be usedfor storing media content securely and for delivering the media contentstored therein in a controlled manner.

FIGS. 19A-19D are flow diagrams illustrating different avenues for mediacontent distribution useful for illustrating various embodiments of theinvention.

FIG. 20 is a block diagram of one embodiment of a memory device wheredifferent functions are stored in different areas of the device.

FIG. 21 is a block diagram of a system architecture used forimplementing the different media content distribution schemes of FIGS.19A-19D and other figures of this application.

FIG. 22 is a block diagram illustrating a memory device containing paidmedia content and unpaid catalog media content to illustrate onepossible avenue for distributing media contents.

FIGS. 23A-23C are flow charts illustrating a content unlocking processinvolving the device of FIG. 22.

FIG. 24 is a block diagram illustrating yet another embodiment forunlocking locked catalog media content in the device of FIG. 22 usingaccess control records (ACRs) and a delegation attribute.

FIGS. 25A-25B are flow charts illustrating a process of contentrendering.

FIG. 26 is a block diagram of a security architecture or controlstructure in a non-volatile re-writable memory device to illustrateadditional features of this invention.

FIG. 27-32 illustrates an overall architecture for mutual authenticationbetween an end user terminal and a memory device.

FIGS. 33A-35 are flow charts illustrating a process of generating andloading of keys and rights objects for prepaid as well as cataloguecontent.

FIGS. 36A-36D are schematic diagrams of memory devices with encryptedmedia titles and previews of such titles to illustrate embodiments ofthe invention.

FIGS. 37A-37C are schematic diagrams of memory devices with previewcontent to illustrate further embodiments of the invention.

FIGS. 38A and 38B are schematic diagrams of memory devices withencrypted media titles to illustrate additional embodiments of theinvention.

FIGS. 39A and 39B are schematic diagrams of memory devices with rightsobjects to illustrate more embodiments of the invention.

FIGS. 40-46 are flow charts illustrating processes for distributingmedia content using the memory devices of FIGS. 36A-39B objects toillustrate embodiments of the invention.

For simplicity in description, identical components are labeled by thesame numerals in this application.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

An example memory system in which the various aspects of the presentinvention may be implemented is illustrated by the block diagram ofFIG. 1. As shown in FIG. 1, the memory system or device 10 includes acentral processing unit (CPU) 12, a buffer management unit (BMU) 14, ahost interface module (HIM) 16 and a flash interface module (FIM) 18, aflash memory 20 and a peripheral access module (PAM) 22. Memory system10 communicates with a host device 24 through a host interface bus 26and port 26 a. The flash memory 20 which may be of the NAND type,provides data storage for the host device 24. The software code for CPU12 may also be stored in flash memory 20. FIM 18 connects to the flashmemory 20 through a flash interface bus 28 and port 28 a. HIM 16 issuitable for connection to a host system like a digital camera, personalcomputer, personal digital assistants (PDA), digital media players, MP-3players, cellular telephones or other digital devices. The peripheralaccess module 22 selects the appropriate controller module such as FIM,HIM and BMU for communication with the CPU 12. In one embodiment, all ofthe components of system 10 within the dotted line box may be enclosedin a single unit such as in memory card or stick 10′ and preferablyencapsulated.

While the invention is illustrated herein by reference to flash memoriesin the form of cards, the invention may also be applicable to othertypes of memories whether these are in card form or not, such asmagnetic disks, optical CDs, as well as all other types of rewrite-ablenon volatile memory systems.

The buffer management unit 14 includes a host direct memory access(HDMA) 32, a flash direct memory access (FDMA) 34, an arbiter 36, abuffer random access memory (BRAM) 38 and a crypto-engine 40. Thearbiter 36 is a shared bus arbiter so that only one master or initiator(which can be HDMA 32, FDMA 34 or CPU 12) can be active at any time andthe slave or target is BRAM 38. The arbiter is responsible forchanneling the appropriate initiator request to the BRAM 38. The HDMA 32and FDMA 34 are responsible for data transported between the HIM 16, FIM18 and BRAM 38 or the CPU random access memory (CPU RAM) 12 a. Theoperation of the HDMA 32 and of the FDMA 34 are conventional and neednot be described in detail herein. The BRAM 38 is used to store datapassed between the host device 24 and flash memory 20. The HDMA 32 andFDMA 34 are responsible for transferring the data between HIM 16/FIM 18and BRAM 38 or the CPU RAM 12 a and for indicating sector completion.

For improved security of the content stored in memory 20, memory system10 generates the key value(s) that are used for encryption and/ordecryption. However, encryption and decryption is typically done file byfile, since the host device reads and writes data to memory system 10 inthe form of files. Like many other types of storage devices, memorydevice 10 is not aware of files or file systems. While memory 20 doesstore a file allocation table (FAT) where the logical addresses of thefiles are identified, the FAT is typically accessed and managed by thehost device 24 and not by the controller 12. Therefore, in order toencrypt data in a particular file, the controller 12 will have to relyon the host device to send the logical addresses of the data in the filein memory 20, so that the data of the particular file can be found andencrypted and/or decrypted by system 10 using the key value(s) availableonly to system 10.

To provide a handle for both the host device 24 and memory system 10 torefer to the same key(s) for cryptographically processing data in files,the host device provides a reference for each of the key valuesgenerated by system 10, where such reference may simply be a key ID.Thus, the Host 24 associates each file that is cryptographicallyprocessed by system 10 with a key ID, and the system 10 associates eachkey value that is used to cryptographically process data with a key IDprovided by the host. Thus, when the host requests that a file becryptographically processed, it will send the request along with a keyID along with the logical addresses of data to be fetched from or storedin memory 20 to system 10. System 10 generates a key value andassociates the key ID provided by the host 24 with such value, andperforms the cryptographic processing. In this manner, no change needsto be made in the manner memory system 10 operates while allowing it tocontrol the cryptographic processing using the key(s). In other words,system 10 continues to allow the host 24 to manage the files by havingexclusive control of FAT, while it maintains control for the generationand management of the key value(s) used for cryptographic processing.

The key ID provided by the host 24 and the key value generated by thememory system form two attributes of a quantity referred to below as the“content encryption key” or CEK. While the host 24 may associate eachkey ID with one or more files, host 24 may also associate each key IDwith unorganized data or data organized in any manner, and not limitedto data organized into complete files.

In order for a user or application to gain access to protected contentor area in system 10, it will need to be authenticated using acredential which is pre-registered with system 10. A credential is tiedto the access rights granted to the particular user or application withsuch credential. In the pre-registration process, system 10 stores arecord of the identity and credential of the user or application, andthe access rights associated with such identity and credentialdetermined by the user or application and provided through the host 24.After the pre-registration has been completed, when the user orapplication requests to write data to memory 20, it will need to providethrough the host device its identity and credential, a key ID forencrypting the data, and the logical addresses where the encrypted datais to be stored. System 10 generates a key value and associates thisvalue with the key ID provided by the host device, and stores in itsrecord or table for this user or application the key ID for the keyvalue used to encrypt the data to be written. It then encrypts the dataand stores the encrypted data at the addresses designated by the host aswell as the key value it generated.

When a user or application requests to read encrypted data from memory20, it will need to prove its identity by providing credentials, providethe key ID for the key previously used to encrypt the requested data,and the logical addresses where the encrypted data is stored. System 10will then match the user or application identity and credential providedby the host to those stored in its record. If they match, system 10 willthen fetch from its memory the key value associated with the key IDprovided by the user or application, decrypt the data stored at theaddresses designated by the host device using the key value and send thedecrypted data to the user or application.

By separating the authentication credentials from the management of keysused for cryptographic processing, it is then possible to share rightsto access data without sharing credentials. Thus, a group of users orapplications with different credentials can have access to the same keysfor accessing the same data, while users outside this group have noaccess. While all users or applications within a group may have accessto the same data, they may still have different rights. Thus, some mayhave read only access, while others may have write access only, whilestill others may have both. Since system 10 maintains a record of theusers or application identities and credentials, the key IDs they haveaccess to, and the associated access rights to each of the key IDs, itis possible for system 10 to add or delete key IDs and alter accessrights associated with such key IDs for particular users orapplications, to delegate access rights from one user or application toanother, or even to delete or add records or tables for users orapplications, all as controlled by a properly authenticated host device.The record stored may specify that a secure channel is required foraccessing certain keys. Authentication may be done using symmetric orasymmetric algorithms as well as passwords.

Especially important is the portability of the secured content in thememory system 10. Since the key value is generated by the memory systemand substantially not available to external systems, when the memorysystem or a storage device incorporating the system is transferred fromone external system to another, security of the content stored thereinis maintained, and external systems are not able to access such contentunless they have been authenticated in a manner completely controlled bythe memory system. Even after being so authenticated, access iscontrolled by the memory system, and external systems can access only ina manner controlled according to preset records in the memory system. Ifa request does not comply with such records, the request will be denied.

To provide greater flexibility in protecting content, it is envisionedthat certain areas of the memory referred to below as partitions can beaccessed only by properly authenticated users or applications. Whencombined with the above-described features of key-based data encryption,system 10 provides greater data protection capability. As shown in FIG.2, the flash memory 20 may have its storage capacity divided into anumber of partitions: a user area or partition and custom partitions.The user area or partition P0 is accessible to all users andapplications without authentication. While all bit values of data storedin the user area can be read or written to by any application or user,if the data read is encrypted, the user or application without authorityto decrypt would not be able to access the information represented bythe bit values stored in a user area. This is illustrated, for example,by files 102 and 104 stored in user area P0. Also stored in the userarea are unencrypted files such as 106 which can be read and understoodby all applications and users. Thus, symbolically, the files that areencrypted are shown with locks associated with them such as for files102 and 104.

While an encrypted file in a user area P0 cannot be understood byunauthorized applications or users, such applications or users may stillbe able to delete or corrupt the file, which may be undesirable for someapplications. For this purpose, memory 20 also includes protected custompartitions such as partitions P1 and P2 which cannot be accessed withoutprior authentication. The authentication process permitted in theembodiments in this application is explained below.

As also illustrated in FIG. 2, a variety of users or applications mayaccess the files in memory 20. Thus users 1 and 2, and applications 1-4(running on devices) are shown in FIG. 2. Before these entities areallowed to access protected content in memory 20, they are firstauthenticated by an authentication process in a manner explained below.In this process, the entity that is requesting access needs to beidentified at the host side for role based access control. Thus, theentity requesting access first identifies itself by supplyinginformation such as “I am application 2 and I wish to read file 1.”Controller 12 then matches the identity, authentication information andrequest against the record stored in memory 20 or controller 12. If allrequirements are met, access is then granted to such entity. Asillustrated in FIG. 2, user 1 is allowed to read and write to file 101in partition P1, but can only read files 102 and 104 in addition to user1 having unrestricted rights to read from and write to files 106 in P0.User 2, on the other hand, is not allowed access to file 101 and 104 buthas read and write access to file 102. As indicated in FIG. 2, users 1and 2 have the same login algorithm (AES) while applications 1 and 3have different login algorithms (e.g. RSA and 001001) which are alsodifferent from those of users 1 and 2. Both users 1 and 2 can accessfiles 106 without presenting any credentials and without anyrestrictions.

The Secure Storage Application (SSA) is a security application in thefirmware of the memory system 10, and illustrates an embodiment of theinvention, which can be used to implement many of the above-identifiedfeatures. SSA may be embodied as software or computer code with databasestored in the memory 20 or a non-volatile memory (not shown) in CPU 12,and is read into RAM 12 a and executed by CPU 12. The acronyms used inreference to the SSA are set forth in the table below:

DEFINITIONS, ACRONYMS & ABBREVIATIONS

ACR Access Control Records AGP ACR Group CBC Chain Block Cipher CEKContent Encryption Key ECB Electronic Codebook ACAM ACR AttributesManagement PCR Permissions Control Record SSA Secure Storage ApplicationEntity Any thing that has real and individual existence (host side) thatlogs in the SSA and thus utilizes its functionalities.

SSA System Description

Data security, integrity and access control are the major roles of theSSA. The data are files that would otherwise be stored plainly on amass-storage device of some kind. The SSA system sits atop of thestorage system and adds the security layer for the stored host files.

The main task of the SSA is to manage the different rights associatedwith the stored (and secured) content in the memory. The memoryapplication needs to manage multiple users and content rights tomultiple stored content. Host applications from their side, see drivesand partitions that are visible to such applications, and fileallocation tables (FATs) that manage and portray the locations of thestored files on the storage device.

In this case the storage device uses NAND flash chip divided topartitions, although other mobile storage devices may also be used andare within the scope of this invention. These partitions are continuousthreads of logical addresses, where a start and an end address definetheir boundaries. Restrictions may therefore be imposed on access tohidden partitions, if desired, by means of software (such as softwarestored in memory 20) that associates such restrictions with theaddresses within such boundaries. Partitions are fully recognizable tothe SSA by their logical address boundaries that are managed by it. TheSSA system uses partitions to physically secure data from unauthorizedhost applications. To the host, the partitions are a mechanism ofdefining proprietary spaces in which to store data files. Thesepartitions can either be public, where anyone with access to the storagedevice can see and be aware of the partition's presence on the device,or private or hidden, where only the selected host applications haveaccess to and are aware of their presence in the storage device.

FIG. 3 is a schematic view of a memory illustrating the partitions ofthe memory: P0, P1, P2 and P3 (obviously fewer or more partitions thanfour may be employed), where P0 is a public partition which can beaccessed by any entity without authentication.

A private partition (such as P1, P2 or P3) hides the access to the fileswithin it. By preventing the host from accessing the partition, theflash device (e.g. flash card) delivers protection of the data filesinside the partition. This kind of protection, however, engulfs all ofthe files residing in the hidden partition by imposing restrictions onaccess to data stored at the logical addresses within the partition. Inother words, the restrictions are associated with a range of logicaladdresses. All of the users/hosts that have access to that partitionwill have unlimited access to all of the files inside. To isolatedifferent files from one another—or groups of files—the SSA systemprovides another level of security and integrity per file—or groups offiles—using keys and key references or Key IDs. A key reference or keyID of a particular key value used for encrypting data at differentmemory addresses can be analogized to a container or domain thatcontains the encrypted data. For this reason, in FIG. 4, the keyreferences or key IDs (e.g. “key 1” and “key 2”) are shown graphicallyas areas surrounding the files encrypted using the key values associatedwith the key IDs.

In reference to FIG. 4, for example, File A is accessible to allentities without any authentication, since it is shown as not enclosedby any key ID. Even though File B in the public partition can be read oroverwritten by all entities, it contains data encrypted with a key withID “key 1”, so that the information contained in File B is notaccessible to an entity unless such entity has access to such key. Inthis manner using key values and key references or Key IDs providelogical protection only, as opposed to the type of protection providedby the partition described above. Hence any host that can access apartition (public or private) is capable of reading or writing the datain the entire partition, including the encrypted data. However, sincethe data is encrypted, unauthorized users can only corrupt it. Theypreferably cannot alter the data without detection or use it. Byrestricting the access to the encryption and/or decryption keys, thisfeature can allow only the authorized entities to use the data. Files Band C are also encrypted using a key with key ID “key 2” in P0.

Data confidentiality and integrity can be provided through symmetricencryption methods that use Content Encryption Keys (CEK), one per CEK.In the SSA embodiment, the CEKs are generated by the flash device (e.g.flash card), used internally only, and kept as secrets. The data that isencrypted or ciphered may also be either hashed or the cipher is chainblock to ensure data integrity. Preferably the CEK are stored in asecure part of the memory not accessible to entities outside the cardduring normal operations.

Not all the data in the partition is encrypted by different keys andassociated with different key IDs. Certain logical addresses either inpublic or user files or in the operating system area (i.e. FAT) may notbe associated with any key or key reference, and thus are available toany entity that can access the partition itself.

An entity that calls for the ability to create keys and partitions aswell as writing and reading data from them or using the keys, needs tologin to the SSA system through an Access Control Record (ACR). Theprivileges of an ACR in the SSA system are called Actions. Every ACR mayhave Permissions to perform Actions of the following three categories:Creating partitions and keys/key IDs, accessing partitions and keys andcreating/updating other ACRs.

ACRs are organized in groups called ACR Groups or AGPs. Once an ACR hassuccessfully authenticated, the SSA system opens a Session through whichany of the ACR's actions can be executed.

User Partition(s)

The SSA system manages one or more public partitions, also referred toas the user partition(s). This partition exists on the storage deviceand is a partition or partitions that can be accessed through thestandard read write commands of the storage device. Getting informationregarding the size of the partition(s) as well as its existence on thedevice preferably cannot be hidden from the host system.

The SSA system enables accessing this partition(s) either through thestandard read write commands or the SSA commands. Therefore, accessingthe partition preferably cannot be restricted to specific ACRs. The SSAsystem, however, can enable the host devices to restrict the access tothe user partition. Read and write accesses can be enabled/disabledindividually. All four combinations (e.g. write only, read only (writeprotect), read and write and no access) are allowed.

The SSA system enables ACRs to associate key IDs with files within theuser partition and encrypt individual files using keys associated withsuch key IDs. Accessing encrypted files within the user partitions aswell as setting the access rights to the partitions will be done usingthe SSA command set (refer to Appendix A for detailed description of theSSA commands—In the Appendix, key ID is referred to as “domain”).

The above features also apply to data not organized into files.

SSA Partitions

These are hidden (from the host operating system or OS) partitions thatcan be accessed only through the SSA commands. The SSA system willpreferably not allow the host device to access an SSA partition, otherthan through a session (described below) established by logging onto anACR. Similarly, preferably the SSA will not provide informationregarding the existence, size and access permission of an SSA partition,unless this request is coming through an established session.

Access rights to partitions are derived from the ACR permissions. Oncean ACR is logged into the SSA system, it can share the partition withother ACRs (described below). When a partition is created, the hostprovides a reference name or ID (e.g. P0-P3 in FIGS. 3 and 4) for thepartition. This reference is used in further read and write commands tothe partition.

Partitioning of the Storage Device

All available storage capacity of the device is preferably allocated tothe user partition and the currently configured SSA partitions.Therefore, any repartition operation may involve reconfiguration of theexisting partitions. The net change to the device capacity (sum of sizesof all partitions) will be zero. The IDs of the partitions in the devicememory space are defined by the host system.

The host system can either repartition one of the existing partitionsinto two smaller ones or, merge two existing partitions (which may ormay not be adjacent) into one. The data in the divided or mergedpartitions can be either erased or left untouched, at the host'sdiscretion.

Since repartitioning of the storage device may cause loss of data(either because it was erased or moved around in the logical addressspace of the storage device) severe restrictions on repartitioning areadministered by the SSA system. Only an ACR residing in a root AGP(explained below) is allowed to issue a repartition command and it canonly reference partitions owned by it. Since the SSA system is not awareof how data is organized in the partitions (FAT or other file systemstructure) it is the host's responsibility to reconstruct thesestructures any time the device is repartitioned.

Repartitioning of the user partition will change the size and otherattributes of this partition as seen by the host OS.

After repartitioning, it is the host system's responsibility to makesure any ACR in the SSA system is not referencing the non-existingpartitions. If these ACRs are not deleted or updated appropriately,future attempts, on behalf of these ACRs, to access the non-existingpartitions will be detected and rejected by the system. Similar care ispreferably taken, regarding deleted keys and key IDs.

Keys, Key IDs and Logical Protection

When a file is written to a certain hidden partition, it is physicallyhidden from the general public. But, once an entity (hostile or not)gets knowledge and access to this partition the file becomes availableand plain to see. To further secure the file, the SSA can encrypt it inthe hidden partition, where the credentials for accessing the key fordecrypting the file are preferably different from those for accessingthe partition. Due to the fact that files are not something that the SSAis aware of (totally controlled and managed by the host), associating aCEK with a file is a problem. Linking the file to something the SSAacknowledges—the key ID, rectifies this. Thus, when a key is created bythe SSA, the host associates the key ID for this key with the dataencrypted using the key created by the SSA.

The key value and key ID provide logical security. All data associatedwith a given key ID, regardless of its location, is ciphered with thesame content encryption key (CEK) whose reference name or key ID isuniquely provided at creation by the host application. If an entityobtains access to a hidden partition (by authenticating through an ACR)and wishes to either read or write an encrypted file within thispartition, it needs to have access to the key ID that is associated withthe file. When granting access to the key for this key ID, the SSA loadsthe key value in CEK associated with this key ID and either decrypts thedata before sending it to the host or encrypts the data before writingit to the flash memory 20. A key value in CEK associated with a key IDis randomly created once by the SSA system and maintained by it. The keyvalue is entirely managed by the SSA.

The SSA system protects the data associated with the key ID using anyone (user defined) of the following cipher modes (the actualcryptographic algorithms used, as well as the key values in CEKs, aresystem controlled and not revealed to the outside world):

Block mode—Data is divided into blocks, each one of them, encryptedindividually. This mode is generally considered less secure andsusceptive to dictionary attacks, However, it will allow users torandomly access any one of the data blocks.

Chained mode—Data is divided into blocks, which are chained during theencryption process. Every block is used as one of the inputs to theencryption process of the next one. This mode, although considered asmore secure, requires that the data is always written and readsequentially from start to end, creating an overhead not alwaysacceptable to the users.

Hashed—Chain mode with the additional creation of a data digest that canbe used for validating data integrity.

ACRs and Access Control

The SSA is designed to handle multiple applications where each one ofthem is represented as a tree of nodes in the system database. Mutualexclusion between the applications is achieved by ensuring no cross talkbetween the tree branches.

In order to gain access to the SSA system, an entity needs to establisha connection via one of the system's ACRs. Login procedures areadministered by the SSA system according to the definitions embedded inthe ACR the user chose to connect with.

The ACR is an individual login point to the SSA system. The ACR holdsthe login credentials and the authentication method. Also residing inthe record are the login permissions within the SSA system, among whichare the read and write privileges. This is illustrated in FIG. 5, whichillustrates n ACRs in the same AGP. This means that at least some of then ACRs may share access to the same key. Thus, ACR #1 and ACR #n shareaccess to a key with key ID “key 3”, where ACR#1 and ACR#n are the ACRIDs, and “key 3” is a key ID for the key that is used to encrypt dataassociated with “key 3”. The same key can also be used to encrypt and/ordecrypt multiple files, or multiple sets of data.

The SSA system supports several types of login onto the system whereauthentication algorithms and user credentials may vary, as may theuser's privileges in the system once he logged in successfully. FIG. 5again illustrates different login algorithms and credentials. ACR#1requires a password login algorithm and password as credential whereasACR#2 requires a PKI (public key infrastructure) login algorithm andpublic key as credential. Thus, to login, an entity will need to presenta valid ACR ID, as well as the correct login algorithm and credential.

Once an entity is logged into an ACR of the SSA system, itspermissions—its rights to use SSA commands—are defined in thePermissions Control Record (PCR) which is associated with the ACR. InFIG. 5, ACR#1 grants read only permission to data associated with “key3”, and ACR #2 grants permission to read and write data associated with“key 5” according to the PCR shown.

Different ACRs may share common interests and privileges in the systemsuch as in keys with which to read and write. To accomplish that, ACRswith something in common are grouped in AGPs—ACR Groups. Thus, ACR #1and ACR #3 share access to a key with key ID “key 3”.

AGPs and, the ACRs within, are organized in hierarchical trees and soaside from creating secure keys that keep sensitive data secure; an ACRcan preferably also create other ACR entries that correspond to his keyID/partitions. These ACR children will have the same or less permissionsas their father—creator and, may be given permissions for keys thefather ACR himself created. Needless to add, the children ACRs getaccess permissions to any key that they create. This is illustrated inFIG. 6. Thus, all of the ACRs in AGP 120 were created by ACR 122 and twoof such ACRs inherit from ACR 122 permission(s) to access to dataassociated with “key 3”.

AGP

Logging onto the SSA system is done by specifying an AGP and an ACRwithin the AGP.

Every AGP has a unique ID (reference name), which is used as an index toits entry in the SSA database. The AGP name is provided to the SSAsystem, when the AGP is created. If the provided AGP name already existsin the system, the SSA will reject the creation operation.

AGPs are used to administer restrictions on delegation of access andmanagement permissions as will be described in the following sections.One of the functions served by the two trees in FIG. 6 is to administerthe access by entirely separate entities, such as two differentapplications, or two different computer users. For such purposes, it maybe important for the two access processes to be substantiallyindependent of one another (i.e. substantially no cross-talk), eventhough both occur at the same time. This means that the authentication,permissions as well as the creation of additional ACRs and AGPs in eachtree are not connected to and do not depend on those of the other tree.Hence, when the SSA system is used in memory 10, this allows the memorysystem 10 to serve multiple applications simultaneously. It also allowsthe two applications to access two separate sets of data independentlyof one another (e.g. a set of photographs and a set of songs). This isillustrated in FIG. 6. Thus, the data associated with “keys 3”, “key X”and “key Z” for the application or user accessing via nodes (ACRs) inthe tree in the top portion of FIG. 6 may comprise photographs. The dataassociated with “key 5” and “key Y” for the application or useraccessing via nodes (ACRs) of the tree in the bottom portion of FIG. 6may comprise songs. The ACR that created the AGP has the permission todelete it preferably only when the AGP is empty of ACR entries.

The Entity's SSA Entry Point: Access Control Record (ACR)

An ACR in the SSA system describes the way the entity is permitted tolog into the system. When an entity logs into the SSA system it needs tospecify the ACR that corresponds to the authentication process it isabout to perform. An ACR includes a Permissions Control Record (PCR)that illustrates the granted actions the user can execute onceauthenticated as defined in the ACR illustrated as in FIG. 5. The hostside entity provides all of the ACR data fields.

When an entity has successfully logged onto an ACR, the entity will beable to query on all of the ACR's partition and key access permissionsand ACAM permissions (explained below).

ACR ID

When an SSA system entity initiates the login process it needs tospecify the ACR ID (as provided by the host when the ACR was created)that corresponds to the login method so that the SSA will set up thecorrect algorithms and select the correct PCR when all loginrequirements have been met. The ACR ID is provided to the SSA systemwhen the ACR is created.

Login/Authentication Algorithm

The authentication algorithm specifies what sort of login procedure willbe used by the entity, and what kind of credentials are needed toprovide proof of user's identity. The SSA system supports severalstandard login algorithms, ranging from no procedure (and no credential)and password-based procedures to a two-way authentication protocolsbased on either symmetric or asymmetric cryptography.

Credentials

The entity's credentials correspond to the login algorithm and are usedby the SSA to verify and authenticate the user. An example forcredential can be a password/PIN-number for password authentication,AES-key for AES authentication, etc. The type/format of the credentials(i.e. the PIN, the symmetric key, etc. . . . ) is predefined and derivedfrom the authentication mode; they are provided to the SSA system whenthe ACR is created. The SSA system has no part in defining, distributingand managing these credentials, with the exception of PKI basedauthentication where the device (e.g. flash card) can be used togenerate the RSA key pair and the public key can be exported forcertificate generation.

The Permissions Control Record (PCR)

The PCR shows what is granted to the entity after logging into the SSAsystem and passing the ACR's authentication process successfully. Thereare three types of permission categories: Creation permissions forpartition and keys, Access permissions to partitions and keys andmanagement permissions for Entity-ACR Attributes

Accessing Partitions

This section of the PCR contains the list of partitions (using their IDsas provided to the SSA system) the entity can access upon completing theACR phase successfully. For each partition the access type may berestricted to write-only or read-only or may specify full write/readaccess rights. Thus, the ACR#1 in FIG. 5 has access to partition #2 andnot partition #1. The restrictions specified in the PCR apply to the SSApartitions and the public partition.

The public partition can be accessed either by regular read and writecommands to the device (e.g. flash card) hosting the SSA system, or bySSA commands. When a root ACR (explained below) is created with thepermission to restrict the public partition, he can pass it on to hischildren. An ACR can preferably only restrict the regular read and writecommands from accessing the public partition. ACRs in the SSA system canbe restricted preferably only upon their creation. Once an ACR has thepermission to read/write from/to the public partition, preferably itcannot be taken away.

Accessing Key IDs

This section of the PCR contains the data associated with the list ofkey IDs (as provided to the SSA system by the host) the entity canaccess when the ACR policies have been met by the entity's loginprocess. The key ID specified is associated with a file/files thatreside in the partition appearing in the PCR. Since the key IDs are notassociated with logical addresses in the device (e.g. flash card), whenmore than one partition is associated with a specific ACR, the files canbe in either one of the partitions. The key IDs specified in the PCR canhave each, a different set of access rights. Accessing data pointed toby key IDs can be restricted to write-only or read-only or may specifyfull write/read access rights.

ACR Attributes Management (ACAM)

This section describes how in certain cases the ACR's system attributescan be changed.

The ACAM actions that may be permitted in the SSA system are:

Create/delete/update AGPs and ACR.

Create/delete Partitions and Keys.

Delegate access rights to keys and partitions.

A father ACR preferably cannot edit ACAM permissions. This wouldpreferably require the deletion and recreation of the ACR. Also theaccess permission to a key ID created by the ACR can preferably not betaken away.

Create/Delete/Update AGPs and ACR

An ACR may have the capacity to create other ACRs and AGPs. CreatingACRs also may mean delegating them some or all of the ACAM permissionspossessed by their creator. Having the permission to create ACRs meanshaving the permission for the following actions:

1. Define and edit the child's credentials—the authentication methodpreferably cannot be edited once set by the creating ACR. Thecredentials may be altered within the boundary of the authenticationalgorithm that is already defined for the child.

2. Delete an ACR.

3. Delegate the creating permission to the child ACR (thus havinggrandchildren).

An ACR with the permissions to create other ACRs has the permission todelegate the unblocking permission to ACRs it creates (although itprobably does not have the permission to unblock ACRs). The father ACRwill place in the child ACR a reference to his unblocker.

The father ACR is the only ACR that has the permission to delete hischild ACR. When an ACR deletes a lower level ACR that he created, thenall ACRs spawned by this lower-level ACR are automatically deleted aswell. When an ACR is deleted then all the key IDs and partitions that itcreated are deleted.

There are two exceptions by which an ACR can update its own record:

Passwords/PINs, although set by the creator ACR, can be updated only bythe ACR that includes them.

A root ACR may delete itself and the AGP that it resides in.

Delegate Access Rights to Keys and Partitions

ACRs and their AGPs are assembled in hierarchical trees where the rootAGP and the ACRs within are at the top of the tree (e.g. root AGPs 130and 132 in FIG. 6). There can be several AGP trees in the SSA systemthough they are totally separated from one another. An ACR within an AGPcan delegate access permissions to its keys to all ACRs within the sameAGP that it is in, and to all the ACRs created by them. The permissionto create keys preferably includes the permission to delegate accesspermissions to use the keys. The permission to delegate access rightsmay be stored as an attribute in the permission control record of thecorresponding ACR.

Permissions to keys are divided into three categories:

1. Access—this defines the access permissions for the key i.e. Read,Write.

2. Ownership—an ACR that created a key is by definition its owner. Thisownership can be delegated from one ACR to another (provided that theyare in the same AGP or in a child AGP). An ownership of a key providesthe permission to delete it as well as delegate permissions to it.

3. Access Rights Delegation—this permission enables the ACR to delegatethe rights he holds.

An ACR can delegate access permissions to partitions he created as wellas other partitions he has access permissions to.

The permission delegation is done by adding the names of the partitionsand key IDs to the designated ACR's PCR. Delegating key accesspermissions may either be by the key ID or by stating that accesspermission is for all of the created keys of the delegating ACR.

Blocking and Unblocking of ACRs

An ACR may have a blocking counter which increments when the entity'sACR authentication process with the system is unsuccessful. When acertain maximum number (MAX) of unsuccessful authentications is reached,the ACR will be blocked by the SSA system.

The blocked ACR can be unblocked by another ACR, referenced by theblocked ACR. The reference to the unblocking ACR is set by its creator.The unblocking ACR preferably is in the same AGP as the creator of theblocked ACR and has the “unblocking” permission.

No other ACR in the system can unblock the blocked ACR. An ACR may beconfigured with a blocking counter but without an unblocker ACR. In thiscase, if this ACR get blocked it cannot be unblocked.

Root AGP—Creating an Application Database

The SSA system is designed to handle multiple applications and isolatethe data of each one of them. The tree structure of the AGP system isthe main tool used to identify and isolate application specific data.The root AGP is at the tip of an application SSA database tree andadheres to somewhat different behavior rules. Several root AGPs can beconfigured in the SSA system. Two root AGPs 130 and 132 are shown inFIG. 6. Obviously fewer or more AGPs may be used and are within thescope of this invention.

Registering the device (e.g. flash card) for a new application and/orissue credentials of a new applications for the device are done throughthe process of adding new AGP/ACR tree to the device.

The SSA system supports three different modes of root AGP creation (aswell as all of the ACRs of the root AGP and their permissions):

1. Open: Any user or entity without requiring any sort ofauthentication, or users/entities authenticated through the system ACR(explained below), can create a new root AGP. The open mode enablescreation of root AGPs either without any security measures while alldata transfer is done on an open channel (i.e. in the secure environmentof an issuance agency) or, through a secure channel established throughthe system ACR authentication (i.e. Over The Air (OTA) and post issuanceprocedures).

If the system ACR is not configured (this is an optional feature) andthe root AGP creation mode is set to Open, only the open channel optionis available.

2. Controlled: Only entities authenticated through the System ACR cancreate a new root AGP. The SSA system cannot be set to this mode ifsystem ACR is not configured.

3. Locked: Creation of root AGPs is disabled and no additional root AGPscan be added to the system.

Two SSA commands control this feature (these commands are available toany user/entity without authentication):

1. Method configuration command—Used to configure the SSA system to useany one of the three root AGP creation modes. Only the following modechange are allowed: Open->Controlled, Controlled->Locked (i.e. if theSSA system is currently configured as Controlled, it can only be changedto locked)

2. Method configuration lock command—Used to disable the methodconfiguration command and permanently lock the currently selectedmethod.

When a root AGP is created, it is in a special initializing mode thatenables the creation and configuration of its ACRs (using the sameaccess restrictions that applied to the creation of the root AGP). Atthe end of the root AGP configuration process, when the entityexplicitly switches it to operating mode, the existing ACRs can nolonger be updated and additional ACRs can no longer be created

Once a root AGP is put in standard mode it can be deleted only bylogging into the system through one of its ACRs that is assigned withthe permission to delete the root AGP. This is another exception of rootAGP, in addition to the special initialization mode; it is preferablythe only AGP that may contain an ACR with the permission to delete itsown AGP, as opposed to AGPs in the next tree level.

The third and last difference between a root ACR and a standard ACR isthat it is the only ACR in the system that can have the permission tocreate and delete partitions.

SSA System ACR

The system ACR may be used for the following two SSA operations:

1. Create an ACR/AGP tree under the protection of a secured channelwithin hostile environments.

2. Identify and authenticate the device hosting the SSA system.

There may preferably be only one System ACR in the SSA and once definedit preferably cannot be changed. There is no need for systemauthentication when creating the System ACR; only a SSA command isneeded. The create-system-ACR feature can be disabled (similarly to thecreate-root-AGP feature). After the system ACR is created, thecreate-system-ACR command has no effect, since preferably only oneSystem ACR is allowed.

While in the process of creating, the System ACR is not operational.Upon finishing, a special command needs to be issued indicating that theSystem ACR is created and ready to go. After this point the System ACRpreferably cannot be updated or replaced.

The System ACR creates the root ACR/AGP in the SSA. It has permission toadd/change the root level until such time that the host is satisfiedwith it and blocks it. Blocking the root AGP essentially cuts off itsconnection to the system ACR and renders it temper proof. At this pointno one can change/edit the root AGP and the ACRs within. This is donethrough an SSA command. Disabling creation of root AGPs has a permanenteffect and cannot be reversed. The above features involving the systemACR are illustrated in FIG. 7. The system ACR is used to create threedifferent root AGPs. At a certain time after these are created, the SSAcommand is sent from the host to block the root AGPs from the systemACR, thereby disabling the create-root-AGP feature, as indicated by thedotted lines connecting the System ACR to the root AGPs in FIG. 7. Thisrenders the three root AGPs temper proof. The three root AGPs may beused to create children AGPs to form three separate trees, before orafter the root AGPs are blocked.

The above-described features provides great flexibility to the contentowner in configuring secure products with content. Secure products needto be “Issued”. Issuance is the process of putting identification keysby which the device can identify the host and vice versa. Identifyingthe device (e.g. flash card) enables the host to decide whether it cantrust its secrets with it. On the other hand, identifying the hostenables the device to enforce security policies (grant and execute aspecific host command) only if the host is allowed to.

Products that are designed to serve multiple applications will haveseveral identification keys. The product can be “pre-issued”—keys storedduring manufacturing before shipping, or “post issued”—new keys areadded after shipping. For post issuance, the memory device (e.g. memorycard) needs to contain some kind of master or device level keys whichare being used to identify entities which are allowed to addapplications to the device.

The above described features enables a product to be configured toenable/disable post issuance. In addition, the post issuanceconfiguration can be securely done after shipping. The device may bebought as a retail product with no keys on it in addition to the masteror device level keys described above, and then be configured by the newowner to either enable further post issuance applications or disablethem.

Thus, the system ACR feature provides the capability to accomplish theabove objectives:

Memory devices with no system ACR will allow unlimited and uncontrolledaddition of applications.

Memory devices without system ACR can be configured to disable thesystem ACR creation, which means there is no way to control adding ofnew applications (unless the feature of creating new root AGP isdisabled as well)

Memory devices with system ACR will allow only controlled addition ofapplications via a secure channel to establish through an authenticationprocedure using the system ACR credential.

Memory devices with system ACR may be configured to disable theapplication adding feature, before or after applications have beenadded.

Key ID List

Key IDs are created per specific ACR request; however, in the memorysystem 10, they are used solely by the SSA system. When a key ID iscreated the following data is provided by or to the creating ACR:

1. Key ID. The ID is provided by the entity through the host and is usedto reference the key and data that is encrypted or decrypted using thekey in all further read or write accesses.

2. Key Cipher and data integrity Mode (the Blocked, Chained and HashedModes above and as explained below)

In addition to the host provided attributes, the following data ismaintained by the SSA system:

1. Key ID Owner. The ID of the ACR that is the owner. When a key ID iscreated the creator ACR is its owner. Key ID ownership may, however, betransferred to another ACR. Preferably only the key ID owner is allowedto transfer ownership of, and delegate, a key ID. Delegating accesspermission to the associated key, and revoking these rights can beadministered either by the key ID owner or any other ACR assigned withdelegation permissions. Whenever an attempt is made to exercise any oneof these operations, the SSA system will grant it only if the requestingACR is authorized.

2. CEK. This is the CEK used to cipher the content associated with orpointed to by the key ID. The CEK may be a 128 bit AES random keygenerated by the SSA system.

3. MAC and IV values. Dynamic information (message authentication codesand initiation vectors) used in the Chained Block Cipher (CBC)encryption algorithms.

The various features of the SSA are also illustrated in reference to theflow charts in FIGS. 8A-16, where ‘H’ to the left of a step means theoperation is performed by the host, and ‘C’ means the operation isperformed by the card. In order to create a System ACR, the host issuesto the SSA in the memory device 10 a command to create System ACR (block202). The device 10 responds by checking whether a System ACR alreadyexists (block 204, diamond 206). If it already exists, then device 10returns failure and stops (oblong 208). If it does not, then memory 10checks to see if System ACR creation is allowed (diamond 210), andreturns a failure status if not allowed (block 212). Thus, there may beinstances where the device issuer does not allow the creation of aSystem ACR, such as in the case where the security features needed havebeen predetermined so that no System ACR is needed. If this is allowed,the device 10 returns OK status and waits for System ACR credentialsfrom the host (block 214). The host checks the SSA status and whetherthe device 10 has indicated that the creation of a System ACR is allowed(block 216 and diamond 218). If creation is not allowed or if a systemACR already exists, the host stops (oblong 220). If the device 10 hasindicated that the creation of a System ACR is allowed, the host issuesa SSA command to define its login credential and sends it to the device10 (block 222). The device 10 updates a System ACR record with thecredential received and returns OK status (block 224). In response tothis status signal, the host issues SSA command indicating the systemACR is ready (block 226). The device 10 responds by locking the SystemACR so that it cannot be updated or replaced (block 228). This locks inthe features of the system ACR and its identity for identifying thedevice 10 to the host.

The procedure for creating new trees (New Root AGPs and ACR) isdetermined by the way these functions are configured in the device. FIG.9 explains the procedures. Both the host 24 and the memory system 10follow it. If adding new root AGP is disabled altogether, new root AGPscannot be added (diamond 246). If it is enabled but requires a systemACR, the host authenticates through the system ACR and establishes asecure channel (diamond 250, block 252) prior to issuing the Create RootAGP command (block 254). If system ACR is not required (diamond 248) thehost 24 can issue the create root AGP command without authentication andproceed to block 254. If system ACR does exist, the host may use it evenif it is not required (not shown in the flow chart). The device (e.g.flash card) will reject any attempt to create a new root AGP if thefunction is disabled and it will reject an attempt to create a new rootAGP without authentication, if system ACR is required (diamonds 246 and250). The newly created AGP and ACR in block 254, are now switched toOperational Mode so that the ACRs in such AGPs cannot be updated orotherwise changed, and no ACRs can be added to them (block 256). Thesystem is then, optionally locked so that additional root AGPs cannot becreated (block 258). The dotted line box 258 is a convention indicatingthat this step is an optional step. All the boxes in the flow charts ofthe figures of this application in dotted lines are optional steps. Thisallows the content owner to block the use of device 10 for other illicitpurposes that may imitate a genuine memory device with legitimatecontent.

To create ACRs (other than the ACRs in the root AGP as described above),one may start with any ACR that has the right to create an ACR (block270) as shown in FIG. 10. An entity may attempt to enter through thehost 24 by providing the entry point ACR identity, and the ACR with allthe necessary attributes that it wishes to create (block 272). The SSAchecks for a match to the ACR identity and whether the ACR with suchidentity has the permission to create an ACR (diamond 274). If therequest is verified to be authorized, the SSA in device 10 creates anACR (block 276).

FIG. 11 shows two AGPs that illustrate a tree useful in securityapplications using the method of FIG. 10. Thus, the ACR with identity m1in the marketing AGP has the permission to create an ACR. The ACR m1also has the permission to use a key for reading and writing dataassociated with the key ID “Marketing Information” and data associatedwith the key ID “Price List”. Using the method of FIG. 10, it createsthe Sales AGP with two ACRs: s1 and s2 with only read permission to thekey for accessing pricing data associated with the key ID “Price List”,but not to the key necessary for accessing data associated with the keyID “Marketing Information”. In this manner, the entities with the ACRss1 and s2 can only read but not change the pricing data, and will haveno access to marketing data. The ACR m2, on the other hand, has nopermission to create ACRs, and has only read permission to the keys foraccessing data associated with the key ID “Price List” and with the keyID “Marketing Information”.

Thus, access rights may be delegated in the manner explained above wherem1 delegates rights to read pricing data to s1 and s2. This isparticularly useful where large marketing and sales groups are involved.Where there are but one or a few sales people, there may be no need touse the method of FIG. 10. Instead, the access rights may be delegated,by an ACR to one at a lower or the same level within the same AGP, asillustrated in FIG. 12. First, the entity enters the tree for such AGPby specifying an ACR in the manner described above in the tree throughthe host (block 280). Next the host will specify the ACR and the rightsto delegate to. The SSA checks the tree(s) for such ACR and whether theACR has the permission to delegate rights to the specified another ACR(diamond 282). If it does, the rights are delegated (block 284); if notit stops. The result is illustrated in FIG. 13. The ACR m1 in this casehas the permission to delegate read permission to the ACR s1, so that s1will be able to use a key to access pricing data after the delegation.This may be performed if m1 has the same or greater rights to accesspricing data and the permission to so delegate. In one embodiment, m1retains its access rights after the delegation. Preferably access rightsmay be delegated under restricted conditions (rather then permanently)such as for a limited time, limited number of accesses, etc.

The process for creating a key and key ID is illustrated in FIG. 14. Theentity authenticates through an ACR (block 302). The entity requests thecreation of a key with an ID specified by the host (block 304). The SSAchecks and see if the ACR specified has the permission to do so (diamond306). For example, if the key is to be used for accessing data in aparticular partition, the SSA will check and see if the ACR may accesssuch partition. If the ACR is authorized, then the memory device 10creates a key value associated with the key ID provided by the host(block 308), ands stores the key ID in the ACR, and the key value in itsmemory (either in the controller-associated memory or memory 20) andassigns rights and permissions according to information supplied by theentity (block 310) and modifies the PCR of such ACR with such assignedrights and permissions (block 312). Thus, the creator of the key has allavailable rights, such as read and write permissions, right to delegateand share with other ACRs in the same AGP or an ACR at a lower level,and the right to transfer ownership of the key.

An ACR can change the permissions (or the existence altogether) ofanother ACR in the SSA system as illustrated in FIG. 15. An entity mayenter a tree through an ACR as before; in one case the entity isauthenticated and then it specifies an ACR (blocks 330, 332). Itrequests the deletion of a target ACR or the permission in a target ACR(block 334). If the ACR specified or the one active at such time has theright to do so (diamond 336), the target ACR is deleted, or the PCR ofthe target ACR is altered to delete such permission (block 338). If thisis not authorized the system stops.

After the above-described process, the target will no longer be able toaccess the data it was able to prior to the process. As shown in FIG.16, an entity may attempt to enter at the target ACR (block 350) andfinds that the authentication process fails, since the previouslyexisting ACR ID is no longer present in the SSA, so that access rightsare denied (diamond 352). Assuming that the ACR ID has not been deleted,the entity specifies an ACR (block 354) and the key ID and/or data in aparticular partition (block 356), and the SSA then checks to see the keyID or partition access request is permitted according to the PCR of suchACR (diamond 358). If the permission has been deleted or has expired,then the request is again denied. Otherwise, the request is granted(block 360).

The above process describes how access to protected data is managed bythe device (e.g. flash card), regardless of whether the ACR and its PCRwere just changed by another ACR or were so configured to begin with.

Sessions

The SSA system is designed to handle multiple users, logged inconcurrently. This feature requires that every command received by theSSA is associated with a specific entity and executed only if the ACR,used to authenticate this entity, has the permissions for the requestedaction.

Multiple entities are supported through the session concept. A sessionis established during the authentication process and assigned asession-id by the SSA system. The session-id is internally associatedwith the ACR used for logging into the system and is exported to theentity to be used in all further SSA commands.

The SSA system supports two types of sessions: Open, and Securesessions. The session type associated with a specific authenticationprocess is defined in the ACR. The SSA system will enforce sessionestablishment in a way similar to the way it enforces the authenticationitself. Since the ACR defines the entity permissions, this mechanismenables system designers to associate secure tunneling either withaccessing specific key IDs or invoking specific ACR managementoperations (i.e. creating new ACRs and setting credentials)

Open Session

Open session is a session identified with a session-id but without busencryption, all commands and data are passed in the clear. This mode ofoperation is preferably used in a multi-user or multi-entity environmentwhere the entities are not part of the threat model, nor iseavesdropping on the bus.

Although not protecting the transmission of the data nor enablingefficient fire-walling between the applications on the host side, theOpen session mode enables the SSA system to allow access only to theinformation allowed for the currently authenticated ACRs.

The Open session can also be used for cases where a partition or a keyneeds to be protected. However, after a valid authentication process,access is granted to all entities on the host. The only thing thevarious host applications need to share, in order to get the permissionsof the authenticated ACR is the session-id. This is illustrated in FIG.17A. The steps above the line 400 are those taken by the host 24. Afteran entity is authenticated (block 402) for ACR1, it requests access to afile associated with a key ID X in the memory device 10 (blocks 404, 406and 408). If the PCR of the ACR 1 allows such access, device 10 grantsthe request (diamond 410). If not, the system returns to block 402.After authentication is completed, the memory system 10 identifies theentity issuing a command only by the assigned session id (and not theACR credentials). Once the ACR 1 gains access to the data associatedwith the key IDs in its PCR, in an open session, any other applicationor user can access the same data by specifying the correct session IDwhich is shared between the different applications on the host 24. Thisfeature is advantageous in applications where it is more convenient tothe user to be able to log in only once, and be able to access all thedata tied to the account through which the log in is performed fordifferent applications. Thus, a cellular phone user may be able toaccess stored emails, and listen to stored music in memory 20 withouthaving to log in multiple times. On the other hand, data not encompassedby the ACR1 will not be accessible. Thus, the same cellular phone usermay have valuable content such as games and photographs accessiblethrough a separate account ACR2. This is data that he does not wishothers who borrow his phone to access, even though he may not mindothers accessing data available through his first account ACR1.Separating access to the data into two separate accounts while allowingaccess to ACR1 in open session provides ease of use as well as affordingprotection of valuable data.

To even further ease the process of sharing the session-id amongst thehost applications, when an ACR is requesting an Open session it canspecifically request that the session will be assigned the “0 (zero)”id. This way, applications can be designed to use a pre-definedsession-id. The only restriction is, for obvious reasons, that only oneACR, requesting session 0 can be authenticated at a specific time. Anattempt to authenticate another ACR requesting session 0, will berejected.

Secure Session

To add a layer of security, the session id may be used as shown in FIG.17B. The memory 10 then also stores the session ids of the activesessions. In FIG. 17B, for example, in order to be able to access a fileassociated with key ID X, the entity will need to also provide a sessionid, such as session id “A” before it is allowed to access the file(blocks 404, 406, 412 and 414). In this manner, unless the requestingentity is aware of the correct session id, it cannot access the memory10. Since the session id is deleted after the session is over and willbe different for each session, an entity can gain access only when ithas been able to provide the session number.

The SSA system has no way to make sure that a command is really comingfrom the correct authenticated entity, other than by using the sessionnumber. For applications and use cases where there is a threat thatattackers will try to use an open channel to send malicious commands,the host application uses a secure session (a secure channel).

When using a secure channel, the session-id, as well as the entirecommand, is encrypted with the secure channel encryption (session) keyand the security level is as high as the host side implementation.

Terminating a Session

A session is terminated and, the ACR is logged off, in any one of thefollowing scenarios:

1. The entity issues an explicit end-session command.

2. Time out on communication. A specific entity issued no command for atime period defined as one of the ACR parameters.

3. All open sessions are terminated after device (e.g. flash card) resetand/or power cycle.

Data Integrity Services

The SSA system verifies the integrity of the SSA database (whichcontains all the ACRs, PCRs, etc. . . . ). In addition data integrityservices are offered for entity data through the key ID mechanism.

If a key ID is configured with Hashed as its encryption algorithms thehash values are stored along side with the CEK and IV in the CEK record.Hash values are calculated and stored during write operation. Hashvalues are again calculated during read operations and compared with thevalues stored during the previous write operations. Every time theentity is accessing the key ID the additional data is concatenated(cryptographically) to the old data and the appropriate Hash value (forread or for write) updated.

Since only the host knows the data files associated with or pointed toby a key ID, the host explicitly manages several aspects of the dataintegrity function in the following manner:

1. A data file associated with or pointed to by a key ID is written orread from the beginning to end. Any attempt to access portions of thefile will mess it up since the SSA system is using a CBC encryptionmethod and generates a hashed message digest of the entire data

2. There is no need to process the data in a contiguous stream (the datastream can be interleaved with data streams of other key Ids and may besplit over multiple sessions) since intermediate Hash values aremaintained by the SSA system. However, the entity will need toexplicitly instruct the SSA system to reset the Hash values if the datastream is restarted.

3. When a read operation is completed, the host must explicitly requestthe SSA system to validate the read Hash by comparing it with the Hashvalue calculated during the write operation.

4. The SSA system provides a “dummy read” operation as well. Thisfeature will stream the data through the encryption engines but will notsend it out to the host. This feature can be used to verify dataintegrity before it is actually read out of the device (e.g. flashcard).

Random Number Generation

The SSA system will enable external entities to make use of the internalrandom number generator and request random numbers to be used outside ofthe SSA system. This service is available to any host and does notrequire authentication.

RSA Key Pair Generation

The SSA system will enable external users to make use of the internalRSA key pair generation feature and request an RSA key pair to be usedoutside of the SSA system. This service is available to any host anddoes not require authentication.

The above detailed description of the SSA system and associated featuresis essentially taken from U.S. Provisional Patent Application Ser. No.60/638,804, filed Dec. 21, 2004.

Avenues for Distributing Media Content The Environment and DifferentDistribution Models

FIG. 18 illustrates an environment in which the above-described memorydevice 10 may be used for storing media content securely and fordelivering the media content stored therein in a controlled manner. Asshown in FIG. 18, the media content in device 10 may be rendered by avariety of different end user terminals or hosts, including personaldigital assistants, video game machines, cellular telephone handsets502, media players such as MP3 players 506, and computers 508 such asdesktop, notebook, or laptop computers. New avenues for media contentdistribution may be achieved using device 10 by service providers suchas MNOs 504. MNO 504 may supply media content to device 10 throughhandsets 502. Alternatively, where access to media content stored indevice 10 is restricted, rights and/or rules may be downloaded fromoperator 504 to handsets 502 in order to access the media contentsstored in device 10. The rights and/or rules governing access to theencrypted media content in device 10 could also apply even when themedia content in device 10 is accessed not by handsets 502, but by othertypes of terminals such as media player 506 and computer 508. Instead ofreceiving media content and rights and/or rules from operator 504,device 10 may instead receive such content and rights and/or rulesthrough other servers such as the account management server 510 andcomputer 508 through the interne. Such content and rights and/or rulesmay be provided to computer 508 and server 510 by operator 504.

In the environment of FIG. 18, a number of new avenues using memorysystem or device 10 as the vehicle for storing and distributing mediacontent becomes possible. This is illustrated in FIGS. 19A-19D. Anavenue for distributing media content using a memory device pre-loadedwith purchased content is illustrated in FIG. 19A. While a flash memorycard is used as the example in FIGS. 19A-19D, it will be understood thatthe same considerations will apply to formats other than cards and othertypes of non-volatile rewritable memories as well. Thus a flash memorycard manufacturer CM sells the card to a Content Issuer CI, who alsobuys media content from a content provider CP and receives the rightsobject(s) for controlling such content from a rights objects (RO)server. Before such content and rights object(s) are loaded to the card,the CI first verifies whether the card is genuine by connection to anauthentication server. The content and rights object(s) are loaded afterthe card has been verified to be genuine.

As will be noted from FIG. 19A, the arrow pointing from the ContentIssuer (CI) has two branches: one pointing upwards to the ServiceProvider SP and the lower arrow pointing to the End User EU. The CIsells the card with content either directly to the end user EU along thelower arrow between CI and EU in FIG. 19A, or to a service provider SPalong the upper arrow between CI and SP. The transaction along the upperarrow will now be described.

Thus, the Content Issuer, which may also be card manufacturer CM, sellsthe card to the Service Provider, such as a MNO. The Service Providerthen sells the card together with an End User terminal such as acellular phone handset provided by an Original Equipment Manufacturer(referred to hereinafter as “OEM”) to an End User. In FIGS. 19A-19D, anarrow with a dollar sign next to it indicates a possible flow of revenuebetween the parties along the direction of the arrow shown in thefigures. Before the Content Issuer sells the card to the ServiceProvider, the Content Issuer may install control structures of the typedescribed herein. Preferably, however, such control structures areinstalled by the Service Provider as described below to enable theService Provider to create its own secure environment so that it cancontrol content distribution in the way it deems fit. Before thishappens, the card is again verified to be genuine. Thus at the ServiceProvider's facility, the card is again authenticated by connecting tothe authentication server. The card is also connected via a terminal toan authorization server to enable or activate any particular features orapplications (e.g. media content rendering applications such as mediaplayers) in the card. The Service Provider then installs a controlstructure of the type described below to control access to the contentin the card. The control structure will ensure that only authorizedusers may be able to access the content, and such access will complywith certain permissions in the control structure or with certain rightsand/or rules.

Alternatively, as indicated by the lower arrow pointing from the ContentIssuer to the End User, the Content Issuer may sell the card directly tothe End User. The End User obtains a terminal such as a cellular phonehandset from an OEM. Provided that such terminal and the card canmutually authenticate, such as in a manner described below, the End Userwill then be able to access the content in the card using the terminal.One process of mutual authentication is explained below.

The above avenue for media distribution is one where the card containsonly content already purchased by the End User. In this configuration,the End User is provided with the required authentication informationsuch as credentials for accessing the content. This will prevent otherswho are not provided with such authentication means to access thecontent in an unauthorized manner.

FIG. 19B is a flow diagram illustrating another avenue for media contentdistribution to illustrate another embodiment of the invention. Thesteps whereby content is installed in the card and by which the cardreaches the End User are similar to those in FIG. 19A. The scheme inFIG. 19B differs from that of FIG. 19A in that the content loaded intothe card can only be rendered with certain restrictions for previewpurposes (e.g. accessing for rendering a portion or lower qualityversion of the content, or only for limited number of times orduration), instead of being able to render with no restrictions as inthe scheme of FIG. 19A. In other words, if the End User wishes to enjoythe media content fully, he or she will have to first purchase the rightto access and render unabridged versions of such media content withoutrestrictions instead of being content with their previews. Thus afterthe purchase, the End User may then access and render withoutrestrictions the full unabridged versions of the media content from theService Provider. Before the End User is allowed to download theappropriate rights for such purpose, however, the card is again verifiedto be genuine by means of the authentication server. After suchauthentication, the Rights Issuer then provides the control structuresuch as a rights object to the Service Provider, who in turn providesthe same to the End User for downloading. In one embodiment, the rightsobject may comprise credentials for the End User (or other entities suchas applications on hosts) to access encrypted media content, and rightsand/or rules governing such access. In a different embodiment, therights object may contain the actual content encryption keys that can beused to decrypt the encrypted media content. Where the rights objectcontains the actual content encryption keys, the credentials in therights object may be ones that are generated on the fly using a secretcode and the memory device ID as seed values by means of a function suchas a hash function. This scheme can also be applied even where therights object does not contain the actual content encryption keys. TheEnd User may also have the option to upgrade the preloaded contentduring the purchase, such as by downloading the high quality unabridgedversion of the preview content.

Alternatively, where preview content is loaded to the card by theContent Issuer in the manner illustrated in FIG. 19A, such content mayalso include encrypted unabridged versions of the media content. Thuswhen the End User purchases such cards, the cards will have alreadystored the encrypted versions of the media content he or she wishes topurchase. The cards will also have stored therein rights and/or rulesthat restrict the end users rights to access only the abridged versionsor portions of the content in the cards. In such circumstances, there isno need to download such content to the card again. Instead, all the EndUser will need are the content encryption keys for decrypting the mediacontent and an update to the rights and/or rules governing such accessto permit unrestricted or more relaxed access. Such information will bedownloaded from the Rights Issuer through the Service Provider afterauthentication.

FIG. 19C is a flow diagram illustrating yet another avenue for mediacontent distribution. A comparison of FIGS. 19A and 19C will reveal thatthe two schemes are substantially the same, except that in the scheme ofFIG. 19C, the content in the card can be accessed by the End User onlyafter the End User subscribes to a service, such as a service providedby the Service Provider. Thus the card purchased by the End User willcontain control information which does not allow the End User to accessthe content until the End User has subscribed. As shown in FIG. 19C, theEnd User may first purchase the card from the Content Issuer, but willnot be able to access the media content therein until he or she haspurchased a subscription from the Service Provider. As before, prior tothe confirmation of the subscription, the card in the End User'spossession is verified to be genuine by the authentication server andthe applications (e.g. media content rendering applications such asmedia players) therein optionally enabled or activated by theauthorization server. In the subscription process, the rights objectprovided by the Rights Issuer is then transmitted by the ServiceProvider to the End User for downloading to the card. Since thetransaction is subscription based, the End User will need to pay for thesubscription periodically so that the flow of revenue will be recurringfrom the End User to the Rights Issuer through the Service Provider.

FIG. 19D is a flow diagram illustrating another avenue for media contentdistribution. In this scheme, the card purchased by the End User willhave no pre-loaded media content. Thus the End User will have topurchase the content from the Service Provider who in turn obtainscontent from the content provider server. As before, prior to theloading of the content to the card, the card is authenticated by theauthentication server. Features and applications (e.g. media contentrendering applications such as media players) are optionally enabled bythe authorization server. As part of the transaction, a rights objectoriginating from the Rights Issuer is transmitted through the ServiceProvider to the End User for download to the card. This transaction maybe subscription based so that the End User will have to periodically paythe Rights Issuer and the Service Provider. While the card purchased bythe End User may have no pre-loaded media content, the card may haverights object(s) stored therein which entitle the End User to downloadsuch content. This is then a prepaid media content card, which enablesthe End User to repeatedly download content purchased.

Different Modules and Functions of Device 10

FIG. 20 is a block diagram of one embodiment of memory device 10 wheredifferent functions are stored in different areas of the device. Asshown in FIG. 20, device 10 has a content area which stores securedoperator content, such as encrypted content associated or owned by anMNO, such as operator 504 of FIG. 18. Stored in the content area is alsoencrypted and/or unencrypted preloaded content described in more detailbelow. Also stored in the content area may be user content that is notrestricted, as well as user content that is restricted and locked, suchas by means of encryption.

Security area of device 10 may contain a number of different functionsimplemented by software codes, such as the DRM agents described in moredetail below. Security area of device 10 may be implemented using thehidden partitions described above. Content encryption keys,certificates, and an authorization manager may also be stored in thesecurity area. Control structures such as AGP/ACR described above mayform part of the authorization manager. Also stored in the security areaare applications and management structures for MNO operators. In acommunications area, device 10 stores a handset abstraction and serveragent. These may be useful where device 10 is operated by a handset.

FIG. 21 is a block diagram of a system architecture used forimplementing the different media content distribution schemes of FIGS.19A-19D. As shown in FIG. 21, memory device 10 comprises a secure storewhich preferably utilizes the above-described features of hiddenpartitions and encryption using content encryption keys with accesscontrol records (ACRs) or rights objects (“RO”) as possible embodiments.Device 10 also includes an access manager (which can include or be apart of the DRM agent stored in the security area of the device), whichcan interface with different digital rights management (DRM) agents nowin use commercially. These include, for example, mobile DRM agentscommonly used in handsets for cellular phones and the Windows 32 DRMagent now commonly used on personal computers. In this manner, theaccess manager of device 10 can interface with different types of DRMagents in the End User terminals for the purpose of downloading contentand rights objects (or updating rights objects) as well as altering thepermissions in the access control records or rights objects in device10.

Thus when media content is to be downloaded from the SP server in FIGS.19A-19D to device 10, the architecture of FIG. 21 implements suchdownload by first passing the media content from the content server 522to the DRM server 524. The content server 522 may be situated at aService Provider which receives the content from the content providerserver. Alternatively, if the media content is downloaded from thecontent provider directly without going through the Service Provider,the content server 522 may be located at a content provider's facility.DRM server 524 is in communication with payment servers 526 which managepayment to the MNOs and other entities for media content downloadsthrough handsets, personal computers and other terminals as describedabove in reference to FIGS. 18 and 19A-19D. Thus after proof of paymentis provided by one of the multiple payment servers 526, the DRM server524 transmits rights objects and the media content from content server522 to a terminal (handset 528 or personal computer 530 in FIG. 21). TheDRM agent 528 a or 530 a then transmits the media content and rightsobjects to the access manager of device 10 where the access manager thenstores such media content in a partition in device 10. The rightsobjects may be obtained by server 524 from the Rights Issuer not shownin FIG. 21. Instead of transmitting rights objects as described above,the DRM agents and the access manager may alter or update rights objects(e.g. after purchase of new or additional rights) already stored indevice 10. The installation and alteration of control structures such asACRs, AGPs and ROs may be performed in a similar manner. The processesdescribed herein where media content and rights objects are transmittedor altered are preferably performed via a secure session of the typedescribed above using a session key. Thus, the credentials or otherauthentication information as well as decrypted media files may beencrypted with session keys before they are transmitted. This is truealso where other types of control structures such as ACRs, AGPs andhierarchical trees are created or altered in the memory device through aterminal in communication with a server.

As illustrated more clearly in FIG. 20, the access manager in device 10includes a DRM agent which is able to interface and directly handlecommands from DRM server 524, so that even if the End User terminals,such as handset 528 and computer 530, do not include a DRM agent, theaccess manager of device 10 will still be able to implement theabove-described functions, such as the installation or alteration ofcontrol structures and the downloading of media content and rightsobjects.

Memory Device with Preview Content

FIG. 22 is a block diagram illustrating a memory device containing paidmedia content and unpaid catalog media content to illustrate onepossible avenue for distributing media contents. As illustrated above inreference to FIG. 19A, content including paid media content and unpaidcatalog media content may be loaded into the memory device 10 so thatthe memory device containing such content is labeled 10″ in FIG. 22.Also loaded into the memory device is a corresponding rights object forcontrolling access to the paid content. As illustrated in FIG. 22, inone implementation, the rights object permits unlimited access to thepaid content via a terminal such as a cellular phone handset or personalcomputer, but only permits moving the content to a personal computerlibrary three times, which may be an optional feature. Alternatively,the optional feature may be that whoever has the appropriate credentialswill be able to export the paid media content by means of a softwareapplication operating in the terminal to other terminals for storage foronly up to three times.

In regard to the catalog media content, however, the purchase of device10″ does not permit the purchaser to have full rights to the catalogmedia contents. Instead, the purchaser's rights can be limited orabridged in a number of different ways. For example, as indicated inFIG. 22, the right to preview the catalog media content may be limitedby time duration or by the number of times or count. Alternatively, onlya selected portion (e.g., 15 seconds of a song or video) of the mediatitle can be accessed without restriction, or what can be accessed isonly a lower quality version. Thus in order to obtain unrestrictedaccess to the unabridged full quality media titles cataloged, thepurchaser will need to first purchase such rights. The rights purchasedcan be to a single media content file or an entire album of contentfiles. In the embodiment illustrated in FIG. 22, the full unabridgedversions of the media titles cataloged are actually stored in device 10″but are encrypted so that the purchasers would not be able to access thefull unabridged versions of the media titles. After purchase, the mediacontent file that is purchased is then unlocked to permit access by thepurchaser.

In an alternative embodiment, the full unabridged versions of the mediatitles cataloged in device 10″ are not already stored in device 10″.Thus after the purchaser purchases the rights for full access, suchmedia titles would then have to be downloaded, such as in the mannerdescribed above, along with the rights object for controlling the accessto such titles. The content unlocking process involving device 10″ isillustrated in the flow charts of FIGS. 23A-23C. While a flash memorycard is used as the example in FIGS. 23A-23C, it will be understood thatthe same considerations will apply to formats other than cards and othertypes of non-volatile rewritable memories as well.

The rendering device, such as a terminal, responds to the End User'srequest to access a sample of restricted media content, such asencrypted media content cataloged in the device 10″ (Block 552). Device10″, such as a flash memory card, responds to such request and providesto the rendering device or terminal the requested media sample (Block554). The media sample file preferably contains information concerningthe Internet address of a server from which the right to unlock can bepurchased, such as the address of a Service Provider's server, asillustrated in reference to FIGS. 19A-19D or a DRM server as in FIG. 21.The rendering device plays or renders, by means of a softwareapplication operating in the device, the media sample from the flashcard 10″, prompts the user to purchase unrestricted rights to the mediatitle sampled and provides the Internet address information of theserver for handling the purchasing for the user. By means of suchsoftware, the rendering device or terminal then queries the user as towhether the user wishes to purchase the rights to unlock the fullunabridged media title that has been sampled (Block 556). If the userresponds that he or she does not wish to purchase, the process ends.However if the user indicates a desire to purchase, the rendering deviceor terminal then connects to the server for handling the purchase inresponse to the user command (Block 558). The rendering device orterminal then sends the user purchase authorization inputted by the userand other user information to the server (SP server or DRM server)(Block 560).

As noted above, the rights object may contain content encryption keysand authentication information requiring the presentation of appropriatecredentials before access to such keys can be granted, and rights and/orrules in regard to how the decrypted media files or titles can be used.In one embodiment, no rights object is stored for any one of the catalogmedia titles in device 10″. In such circumstances, the rights object fordecrypting and controlling the catalog media titles would have to bedownloaded, such as from the SP server or the DRM server.

Alternatively, device 10″ may already contain rights objects that wouldpermit only restricted previewing of the catalog media titles. Thecatalog abridged media titles that can be previewed may be stored asseparate files from the locked catalog unabridged encrypted mediatitles. Thus the preview media titles may consist of portions (e.g., 15seconds worth) of the full media title, or a lower quality version ofsuch title. Alternatively, the preview media titles are not stored inseparate files, where only a portion or a degraded version of the lockedcatalog encrypted media titles is made available without restriction forpreview. Preview media titles may also comprise the full length catalogmedia title, but where previewing is limited by either time duration orcount. The above described restrictions are imposed by the rights objectalready stored in device 10″. Thus where the rights object of thecatalog media titles is already stored in device 10″, such rights objectwould then need to be updated after purchase by the purchaser with theright to unlock so that the rights object after the updating wouldpermit full access to the encrypted unabridged catalog media titles indevice 10″. Thus after user purchase authorization and other userinformation have been sent to the SP/DRM server in block 560, therendering device or terminal would cause (e.g., by means of the DRMagent) the rights object downloaded to be stored in the security area ofdevice 10″ in the case where device 10″ does not already have a rightsobject, or would cause the rights object already in device 10″ to beupdated, thereby permitting access to the media title purchased inaccordance with the current updated rights object (Blocks 562 and 564).

In response to the user request from the rendering device or terminal inBlock 560, a server (e.g. the SP or DRM server) responds by sending theuser information to the billing server 526 of FIG. 21 to obtain paymentfrom the End User (Block 566). The server (e.g. SP/DRM) provides to therendering device or terminal rights object information for storage onthe card or for updating the rights object on the card. The rightsobject includes keys and preferably information for generatingcredentials for accessing keys for decrypting the locked (encrypted)media title purchased. (Block 568).

In the above process, the rights object may contain the contentencryption keys for decrypting the catalogue media titles. In suchevent, the keys are then stored in device 10″ for decrypting the titles.However, to reduce the chance of unauthorized use, access to such keysis limited to end users who have the correct credentials for accessingsuch keys. Such credentials may be generated on the fly by the terminaland by the device 10″ using the unique ID of the terminal as a seedvalue by means of a function such as hash function in both the device10″ and the terminal. Thus, if the terminal has been authenticated bydevice 10″, device 10″ will also be able to generate such credentialsand access to the keys is granted only when the two sets of credentials(generated by the device 10″ and the terminal) match. A similar processmay be used to authenticate the device 10″ using the unique ID of device10″. If both processes are performed, the scheme becomes a mutualauthentication scheme.

As a more secure alternative, the rights object contains not the contentencryption keys themselves for decrypting the catalogue media titles,but only certain credentials for accessing such keys. For example, thecredentials may be those that would enable access as governed by the ACRstructure described above. Thus, where each catalogue media title has acorresponding ACR with corresponding content encryption key(s) that canbe used to decrypt the title, supplying the credentials to such ACR fromthe rights object will enable the decryption of the title. In suchevent, the end user will then need to input the credentials in each ofthe ACRs of all the catalogue titles (as well as credentials foraccessing the ACRs of paid content, if the paid content is similarlyprotected by the ACR structure) before such titles can be decrypted andrendered. The end user may then need to keep track of a large number ofcredentials. A more user friendly mechanism is described below inreference to FIG. 24.

FIG. 24 is a block diagram illustrating yet another embodiment forunlocking locked catalog media content in device 10″ using the accesscontrol records (ACRs) and delegation attribute described above. Thusthe control structure in device 10″ contains two AGPs 572 and 574. AGP572 contains the DRM ACR. The DRM_ACR controls the rights objects forthree different paid content media files. These rights objects control,for example, the limited right for moving content to personal computerlibraries or to export the content to another terminal.

AGP 574 contains seven access control records, including a playback _ACR576, three paid_ACRs 578 for controlling access to the contentencryption keys of the three paid media content titles and three catalog_ACRs 580 controlling access to the content encryption keys of threecorresponding catalog media titles that have not been paid for. As shownin FIG. 24, arrows 582 pointing from the playback _ACR 576 to the threepaid _ACRs 578 indicate that the three paid _ACRs 578 have delegatedtheir rights to the content encryption keys to the playback _ACR 576 sothat there is no need to present credentials to the three paid _ACRs 578in order to access the content encryption keys used for decrypting thethree paid media titles controlled by the three paid_ACRs 578. Instead,by presenting the proper credentials to the playback _ACR 576, thecontent encryption keys for decrypting the three paid media titles canbe accessed, so that it is much more convenient for the End User to haveto remember only one set of credentials instead of three or more sets.

In the embodiment above, the rights object downloaded or updatedcontains credentials in the ACRs for accessing the keys for decryptingindividual catalogue or paid media titles. As an alternative embodiment,the rights object downloaded or updated contains credentials to theDRM_ACR instead. The DRM_ACR has the permission to cause the catalog_ACRs 580 to also delegate their rights to access content encryptionkeys for decrypting the three unpaid catalog media titles also to theplayback _ACR 576. Thus, after the rights object has been downloaded orupdated, the DRM agent in either the terminal or device 10″ will accessthe DRM_ACR by presenting credentials from the rights object, and causesthe DRM_ACR to exercise its rights to cause the delegation. In theembodiment illustrated in FIG. 24, the catalog ACRs 580 then delegatetheir rights to access content encryption keys for decrypting the threeunpaid catalog media titles also to the playback _ACR 576, after thebilling server confirms that payment has been received from the End Userin Block 566 in FIG. 23C. This is illustrated by dotted lines 584 inFIG. 24. Thus after the delegation, by presenting only a single set ofthe appropriate credentials to the playback _ACR 576, the contentencryption keys for decrypting media titles controlled by catalog _ACR580 may be accessed as well as those for decrypting the paid mediatitles controlled by ACRs 578.

As illustrated in FIG. 24, and as added security, the rights objectcontains a secret code, instead of the credentials of DRM_ACR. Thecredentials of the DRM_ACR may be generated on the fly from the secretcode and the ID of device 10″ using a function. The credentials of theplayback _ACR may be generated in a similar manner from a secret codeand the ID of device 10″ using a function. All the end user needs toinput is the secret code for generating the credentials of the playback_ACR 576. Instead of ACRs, the above scheme can also be achieved usingrights objects, where different rights objects controlling access tomedia files can contain the right to delegate the permission to accesssuch files to a playback rights object.

The process of content rendering is illustrated in the flow charts ofFIGS. 25A and 25B. A trusted application on the rendering device orterminal presents a user request and credentials or secret code foraccess to a media title to device 10″ (Block 590). Device 10″ thendetermines whether the proper credentials or secret code have beenpresented to it by the rendering device (diamond 592). If the propercredentials or secret code have not been presented, device 10″ simplywaits until such credentials have been presented. If the propercredentials or secret code have been presented, then access to thecontent encryption keys stored in device 10″ is then granted. The keysare then used to decrypt ciphered media title requested. The decryptedmedia title is then sent to the trusted application (Block 594). Therendering device or terminal then renders the decrypted media title(Block 596).

Enabling Service Providers to Create Secure Environment

FIG. 26 is a block diagram of a security architecture or controlstructure in a non-volatile re-writable memory device to illustrateadditional features of this invention. The security architecture 600 ofFIG. 26 includes credentials of a service provider (SP) stored in asecurity area such as that shown in FIG. 20. SP credentials 602 pointsto pre-loaded media content 606 through arrow 604, content 606 includingpictures 606 a, music 606 b, games 606 c, and video 606 d. Where theservice provider (SP) is a MNO, pre-loaded content 606 also includeshandset specific media content 606 e, such as ring tones. The arrow 604indicates that if an application operating in a terminal has the SPcredentials 602, the application will be able to access the pre-loadedcontent 606 a-606 e. Thus, where the service provider SP is a mobilenetwork operator such as Sprint or Verizon, the operator may load itscredentials into cellular phone handsets issued by it. Then all suchhandsets may be used for accessing the pre-loaded content 606 a-606 e bysupplying the credentials of such operator to the memory device withsuch pre-loaded content.

In addition to media content that is accessible by all applications withcredentials of the service provider, the memory device may also storemedia content that is accessible only by certain subscribers. Thus, asillustrated in FIG. 26, pictures 610 a, music 610 b, games 610 c, video610 d, handset specific information 610 e, and personal media content610 f are available only to subscriber 1, or one with subscriber 1′scredentials. Thus, only an application which can supply the credentialsof subscriber 1 will be able to access the media content 610 a-610 f.Thus, if subscriber 1 wishes to access any one of the files 610 a-610 f,he or she would input his or her credentials by means of an applicationin the terminal such as a handset, and can then access any one of suchfiles. The subscriber 1's account 608 can be an individual account, orcan be a shared account within a group, such as a member account of afamily account. In such event, there can be more than one set ofcredentials that can be used to access the files 610 a-610 f. When anyone of the sets of credentials is transmitted to the memory device witharchitecture 600, the files 610 a-610 f can be accessed.

It will be noted that the architecture 600 enforces the policy that,before subscriber 1 even reaches the stage where the credentials ofsubscriber 1 are requested, SP credentials should first be presented.After the SP credentials have been presented to the memory device, thesubscriber is then asked to input the credentials for subscriber 1, ifthe subscriber wishes to access any one of the restricted files 610a-610 f.

The subscriber 1′s account 608 points to files 610 a-610 f by arrows612. Arrows 612 symbolize a control structure of one of the typesdescribed above, such as by means of rights objects which may includerights and/or rules for using the content in files 610 a-610 f. Therights objects may also include keys for decrypting the encrypted files610 a-610 f. Preferably, however, the rights objects will includecredentials for accessing access control records through which thecontent encryption keys may be obtained for decrypting files 610 a-610f.

Architecture 600 may be used to store the encrypted media contentaccessible by multiple subscribers, where the media content accessibleto one subscriber may or may not be accessible to a differentsubscriber. Thus, architecture 600 also includes an account forsubscriber X. Although not shown in FIG. 26, media content filesassociated with subscriber X may be accessed only if proper credentialsfor subscriber X is presented to the media device containingarchitecture 600. In this manner, memory device 10 may be used bymultiple subscribers. Each of the subscribers is able to independentlyaccess the media content associated with his or her account without fearof a different subscriber gaining unauthorized access to such content.At the same time, there can be shared content such as files 606 a-606 ethat all subscribers may access via architecture 600 as long as theyhave SP credentials. There may also be partial overlap between mediacontent files accessible to two or more subscribers. For example,certain media content files may be associated with more than onesubscriber account, so that such media content file can be accessed anddecrypted when the credentials of any one of the subscribers arepresented to the memory device. This can be done without the subscribershaving to share either their credentials or any keys.

As noted above, one possible control structure for the securityarchitecture 600 in FIG. 26 is the access control records (ACRs)described above. Typically the ACRs for controlling CEKs for decryptingencrypted media content are created when the memory device is created,such as the ACRs shown in FIG. 24. Then when the subscriber account iscreated, credentials in the appropriate ACRs are supplied to thesubscriber to allow the subscriber to access the CEKs.

As described above, a system ACR has the ability to create AGPs andACRs. In general, any ACR or AGP having the authority to create ACRs maybe used to create subscriber ACRs. Such ACR or AGP may be alreadycreated in device 10 when manufactured. The ACR may be created as thecontrol structure in memory device 10 before or after any media contenthas been loaded into the device. Content loaded into the device may beencrypted using content encryption keys generated by or supplied to thedevice, where the content and encryption keys become associated and arecontrolled by the subscriber ACR. In such manner, the subscriberassociated control structure may be used to control access to suchencrypted media content.

The security architecture in FIG. 26 illustrates one avenue for mediacontent distribution, where the memory device is bound to a particularservice provider, so that it can not be used by different serviceproviders for storing and controlling media content in the device. As analternative security structure to that in FIG. 26, the securityarchitecture in memory 10 may contain no SP credentials 602, so thatsuch credentials are not necessary for accessing the content in thedevice. In such alternative embodiments, each of a number of differentservice providers may be able to create its own control structureindependently of the other service providers in the same memory device.Each of the service providers may interact with the memory devicewithout crosstalk or interference by another service provider. Thesystem ACR of the SSA system described above pre-loaded in device 10will assist each of the different service providers to create its ownhierarchical tree in the form of AGP-ACR structures in the mannerdescribed above.

Thus, the control structures described above include the rights objectsand ACRs and the associated hierarchical tree. Rights objects, as notedabove, are typically created outside the memory device and aredownloaded to the device. In one embodiment, such objects are managed bythe DRM agent in the DRM server or the terminal, and by structures suchas the DRM ACR in the memory device. ACRs and the associatedhierarchical tree, on the other hand, may be structures created in thememory device and do not exist outside of it. Normally it is undesirableto export their content or features to entities outside the device. ACRsmay include permissions as to how CEKs are to be used, such as for read,write or delegate functions. Rights objects, on the other hand, canspecify more precisely how the CEKs and the content encrypted therebycan be used, such as by limiting the time duration in which access isallowed or number of accesses and so forth.

As another feature, software code implementing a playlist manager stored(e.g. in the security area) in the memory device may be used to registerthe location in a media title where the End User stops the playback orother rendering process. This allows the End User to disconnect thememory device from one terminal and connect it to another terminal andresume the play or rendering at the point where he or she stopped.

Certificates for Authentication

One important issue that media content providers and service providersneed to contend with is whether a particular memory device into whichcontent is to be loaded is a genuine device or not. On the other hand,from the point of view of the memory device, it may also be useful ornecessary to determine whether a host or terminal (or a server)attempting to store or retrieve content or rights information is genuineor not. For this purpose, the security architecture 600 also includesauthentication and set up features 622, such as a certification. This isexplained in more detail below.

Preferably, the control structures created by different serviceproviders are stored in separate partitions so that each partitionstores only the control structure (e.g. AGP-ACR and/or rights objects)of its corresponding service provider. Preferably, such partitions areprivate and hidden so that each of at least some of the partitions isaccessible to the corresponding service provider of the controlstructures stored therein and not to other service providers. There ispreferably no crosstalk between the hierarchical trees created fordifferent service providers.

An overall architecture for mutual authentication between an end userterminal and a memory device is illustrated in FIG. 27. As shown in FIG.27, the certification of a memory device 630 as genuine and thecertification of end user terminal 632 as genuine are both derived fromthe authority of the root CA server 634. Device 630 is manufactured by aproduction facility where a production CA server 636 is located.Terminal 632 is in turn manufactured at a facility where terminal CAserver 638 (which may be the same as server 634) is located. Thus,device 630 provides to server 636 the device ID, type and the devicepublic key. Server 636 provides the production server ID and theproduction server public key to server 634. Server 634 provides the RootCA certificate and a production CA certificate to server 636. Server 636in turn provides the two certificates from server 634 along with adevice certificate signed by the private key of server 636 to device630. A similar process is carried out between servers 634, 638, andterminal 632. As a result of the above-described process, terminal 632and device 630 each contains three certificates as shown in FIG. 28.

As shown in FIG. 28, the memory device includes three certificates: rootCA certificate, production CA certificate, and the memory devicecertificate. Since both the device 630 and the terminal 632 have theroot CA certificate and root public key, this key may be used forverification that the public keys and the certificates containing thesekeys in the device and the terminal are genuine in the manner explainedbelow, during the first setup process.

As illustrated in FIG. 29, terminal 632 and device 630 will exchangecertificates the first time the device is inserted into the terminal fora setup process. The device will send the device certificate andproduction CA certificate to the terminal, and the terminal will sendthe terminal certificate and terminal CA certificate to the device. Thedifferent keys and certificates contained in the device 630 and terminal632 are illustrated in FIG. 30.

The production CA certificate includes a production CA public key and aversion of such public key which is signed (i.e. encrypted) by the rootCA private key. The terminal 632 can verify whether this production CAcertificate is genuine by using the root public key in its possession todecrypt the encrypted production CA public key and compare the resultwith the production CA public key in the production CA certificatereceived from device 630. If they match, this indicates that theproduction CA certificate received has not been tempered with and isgenuine. Terminal 632 can then use the production CA public key soconfirmed to decrypt the encrypted version of the Device public key andcompare the results with the device public key in the device certificatereceived from device 630. If they match, this indicates that the devicecertificate received has not been tempered with and is genuine. Device630 can perform a similar process to verify that the certificatesreceived from the terminal are genuine and have not been tempered with.It will be evident from the above that the more levels of keys andcertificates that are utilized, the more secure will be the system.Three levels are used in FIGS. 27-32. Obviously, if a higher or lowerlevel of security is desired, the above scheme can be alteredaccordingly.

After the device and the terminal have performed the mutualauthentication process above, the terminal will create an ACR in thedevice 630 as illustrated in FIG. 31 using an ACR that has been createdin the device during manufacturing. This ACR created will contain theroot CA certificate with the root public key, so that the next time theterminal is connected with the device, the device will verify using theroot public key that the terminal certificate provided by the terminalis genuine in a process similar to that described above. If the terminalcertificate provided by the terminal is verified to be genuine, then thememory device will allow the terminal to access content according to thepermissions in the ACR.

As illustrated in FIG. 32, the next time the memory device is connectedto the terminal, the terminal will log in and send its certificate tothe device. The device will then perform the verification processdescribed above. As an option, the memory device 630 also sends itscertificate to the terminal 632 for verification as illustrated in FIG.32.

The certificates stored in the device 630 can also be used for anauthentication server, such as any one of those shown in FIGS. 19A-19Dto check whether the device is genuine. If the server also has the rootCA certificate and root public key in the certificate, this key may beused in a manner similar to that described above to verify that thedevice is genuine or a counterfeit. The device 630 can also verifywhether the server is genuine by a similar process. The authenticationserver may also transfer the root CA certificate and the software forperforming the checking to a different server, such as the server forthe service provider, so that the service provider server can performthe verification process instead. The process in FIGS. 19A-19D wouldthen be simplified in that the service provider server can then performthe functions of the authentication server as well.

Preloaded Content Packaging

The memory device 10″ of FIG. 22 is preloaded with paid media contentsuch as songs, as well as catalog media content which is unpaid. Suchcatalog media content may comprise encrypted full-length and highquality versions, as well as previews of such versions. Stored in device10″ may also be promotional items as well as various applications. Asdescribed above in reference to FIG. 20, memory device 10″ may comprisea number of different areas, including a content area and a securityarea. Preferably, the security area is accessed only during deviceproduction in a secure production facility. For example, rights objectsand AGP/ACR structures and other digital rights management solutions arestored in the security area of the device 10 or 10″ at the secureproduction facility. Content encryption keys may be loaded to the securearea at the secured facility, or may be generated after production bythe device itself.

Content such as operator content and other secured content in thecontent area typically has large files, such as video files. The securefacility for loading secure data in the security area may not have thecapability to load a large number of large files in volume production.For this reason, it may be desirable for locked content as well asunlocked content to be loaded in a non-secure area of productionfacility. Since the locked media content is typically encrypted, suchcontent may be sent to the non-secure facility in an encrypted form toreduce the chance of unauthorized exploitation. Each memory device has aunique identification such as serial number which may be sequential.Thus, it may be possible to first store security related data andobjects in the security area before the device is turned over to anon-secure facility for loading the encrypted media content as well asnon-encrypted content. Since the data loaded into the security area mayinclude control structures for controlling the use of the media contentstored in the content area, first loading these control structures intothe security area before the encrypted content is loaded provides anadditional security to prevent unauthorized exploitation of the mediacontent.

The keys used to encrypt content in each of the memory devicesmanufactured may be different from the keys preloaded in any otherdevice. If this is indeed the case, a hacker who is able to obtain theencryption key in one memory device will not be able to access thecontent stored in any other memory device. However, generating andloading a large number of different content encryption keys into eachdevice may be cumbersome. As a compromise, the same set of keys may beloaded into a batch of memory devices so that they will have the sameset of keys. Therefore, if the set of keys in one of the memory devicesin a batch has been obtained in an unauthorized manner, the mediacontent stored in such batch of memory devices may become accessiblewithout authorization. The person who has obtained such set of keyswill, however, not be able to access the media content stored in adifferent batch of memory devices since the media content in suchdevices would be encrypted by a different set of keys than the oneobtained illegally.

Thus, if 50,000 memory devices are to be produced, the 50,000 devicesmay be divided into 1,000 sets, each including 50 memory devices, witheach device in the set loaded with one of 50 different sets of keys.Thus, the 50,000 devices are divided into 50 batches, each batch of1,000 devices will be loaded or will use the same set of keys. Forexample, the 50 sets of keys may be denoted as KOmn where m ranges from1-20 for a maximum of up to 20 purchased media titles, such assoundtracks and n goes from 1-N where N is 50 in this case. N sets ofkeys KPIn are also provided where 1 may range from 1-50 for a maximum of50 unpaid media titles such as soundtracks and n ranges from 1-N. Thissets of keys KPIn should be transmitted securely to the right issuerserver for issuing rights objects when these tracks are being purchased.

Also at the secure facility, the content encryption keys KOmn for thepurchased titles or tracks are packaged into N sets of objects foradding the business rules such as unlimited play and three exports, forexample as described above. The N sets of rights objects (one for eachpurchased media title) may be denoted as ROmn where m ranges between1-20 for a maximum of 20 purchased media titles and n ranges between 1and N. The N sets of rights objects may be securely transferred to thesecure facility. During production, the unique serial number of thememory device may be used to determine which one of the 50 sets ofrights objects is to be load into the cart: RO1 n, RO2 n, . . . R0 mn,where m is may be 20 for a maximum of up to 20 purchased media titles.These 20 rights objects may be loaded into each memory device in the nthsets or batch of 1,000 memory devices, where n is determined by thesequential portion of the memory device serial number divided by 1,000(i.e. integer portion of memory device serial number/1,000+1). Forexample, if the memory device serial number is 5, the n is of thevalue 1. Of the serial number is 1,200, the n would be 2. If the serialnumber is 35870, n would be 36.

The purchased media titles (a maximum of 20) may be encrypted into Nsets of encrypted files COmn, where m ranges from 1-20, and n rangesbetween 1-N. After the up to 50 catalog media titles are obtained, thesetitles would be encrypted as files PCLR1, PCLR2, . . . . PCLRL where Lis up to 50. From the up to 50 catalog media titles, a 15 second videosnippets or a low quality version of each of such titles may be producedand are labeled as: SNIP1, SNIP2, SNIPL, where L is up to 50. Then thefull length catalog media titles are encrypted into N sets of encryptedfiles: POIn, where 1 ranges from 1-L and n ranges from 1-N. The N setsof encryption keys for the catalog media title files are sent to therights issuer. The master copy for content loading will then contain thefollowing:

(1) N sets of encrypted purchased media titles COmn, where m ranges from1-20 and n ranges from 1-N.

(2) One set of preview snippets of the catalog media titles, whichsnippets have not been encrypted and will be the same across the N setsof media devices: SNIP1, SNIP2, . . . . SNIPL where L is up to 50.

(3) N sets of encrypted catalog media titles corresponding to thepreview snippets, that are encrypted with different content encryptionkeys across N sets of memory devices: POIn, where 1 ranges from 1-L andn ranges from 1-N.

(4) One set of all other promotional contents, such as computer clips,photos, ring tones.

At the non-secure content loading facility, such as a third partycontractor facility, the master copy and content loading script may beused to load the content to the memory devices. The content loadingscript will read the memory device serial number first, and based on theserial number, calculate the batch or set number between 1 and N. Thenbased on this set number n, the content loading script will read the nthset of the purchased media title files: CO1 n, CO2 n, . . . COmn, wherem is the number of media titles in the purchased media content. Thecontent loading script will also read the nth set of the catalog mediatitle files PO1 n, PO2 n, . . . POLn, where L is the number of catalogmedia title files for including on the devices. The set of previewsnippet files and the set of promotional items in post application arealso loaded onto each memory device. The content loading script willthen write the above selected files into the content public area of thememory device illustrated in FIG. 20.

The process of generating the keys for the prepaid content and loadingof the titles; and issuing of rights objects by the rights issuer isillustrated in reference to FIGS. 33A and 33B. At the facility, thedevices or cards to be loaded are divided into groups having N devicesor cards, each of the N devices in each group having a different setnumber and corresponding set of keys and rights object (block 631),where the set number is derivable from the serial number of the device(block 632). N sets of content encryption keys are generated and sent tothe rights issuer (block 634). The rights issuer derives the setidentification number of each memory device such as a memory card fromits serial number. From the derived set identification number and the Nset of keys received, rights objects for controlled access to thecontent is compiled, identified and sent to the facility for loading(blocks 638, 640). These are received at the facility for loading (block642). For each device such as a memory card, the set identificationnumber is derived at the facility from its unique serial number, and thecorresponding set of keys and rights object identified (blocks 644). Thecorresponding rights object is then loaded into the device such as amemory card. The purchased media titles are encrypted at the securefacility, and a master copy sent to a contractor's facility for loadingof the encrypted titles (blocks 646, 648).

As noted above, the DRM agent in either the memory device and/or theterminal may be used to handle the above actions for the device and/orterminal.

The process of generating the keys for the catalogue content and loadingof the titles and issuing of rights objects by the rights issuer isillustrated in reference to FIGS. 34 and 35. At the facility, thedevices to be loaded are divided into groups having N devices or cards,each of the N devices in each group having a different set number andcorresponding set of keys and rights object, where the set number isderivable from the serial number of the device (block 652). Thus, N setsof CEKs for the catalogue media titles are generated by the securefacility, and the CEKs and device ID numbers are sent to the rightsissuer (blocks 654, 656). For each device such as a memory card, the setidentification number is derived from its unique serial number, and thecorresponding set of keys identified (blocks 658). The catalogue mediatitles are then encrypted using the corresponding set of keys identified(block 660). The catalogue media titles are then stored in the devicesuch as a memory card (block 662).

During the purchasing transaction and in reference to FIG. 35, once thepurchase by the end user has been confirmed (block 670), the setidentification number is derived from the device serial number (block672) by the rights issuer, and the appropriate rights object is compiledusing the set number and the CEKs received from the facility in block656 (block 674). The rights issuer provides the corresponding rightsobject to the secure facility (block 660). When the end user ispurchasing catalog media titles, the DRM agent will send a serial numberof the memory device and the ID of the media title purchased to therights issuer server (block 670). The rights issuer server thencalculates the set number of the memory device based on the serialnumber of the memory device (block 672). The rights issuer shouldalready have the N sets of encryption keys for the catalog media titlefiles. Based on the set number and the media title ID, the rights issuerwill be able to issue the correct rights object with the correspondingcontent encryption keys to be downloaded to the memory device after thepurchase. (block 676)

Memory with Other Content as Avenue for Media Content Distribution

The case of memory devices with encrypted media titles and previews ofsuch titles is described above. These types of devices are illustratedin FIGS. 36A-36D, where the devices also include prepaid content. Inthese figures, PREV means preview content comprising media content thathas been abridged (e.g. a portion or lower quality version); FULL meansthe unabridged encrypted version of PREV; RO means rights object ofPREV. PREPAID means content that has been paid for when acquiring thememory device. For simplicity, the rights object(s) for prepaid contenthas been omitted from the figures.

Alternatively, the memory devices such as device 10 can store othertypes of content, as illustrated in FIGS. 37A-37C, 38A, 38B, 39A and39B. As shown in FIG. 37A, the device may store only PREV, or both PREVand FULL as shown in FIG. 37B. The device can also store PREV and RO asin FIG. 37C. Thus, in FIGS. 37A-37C, the device stores PREV in allconfigurations.

As another alternative, the memory devices such as device 10 can storeFULL in all configurations, as in FIGS. 38A and 38B. In FIG. 38B, italso stores RO.

As yet another alternative, the memory devices such as device 10 canstore RO in all configurations, as in FIGS. 39A and 39B. In FIG. 39B, italso stores FULL.

In all of the configurations in FIGS. 37A-37C, 38A, 38B, 39A and 39B,PREPAID and the rights object(s) therefor are not shown, but can beincluded if desired.

Thus, as shown in FIGS. 37A and 40, device 10 may be loaded only withpreview content, such as the snippets or lower quality versions of themedia title. Such titles are indicated at 702. After the end userpurchases the right to view the unabridged version of the media titlesthat has been previewed by means of memory device 702, the rights object704 may be downloaded after purchase of content 702 as indicated byarrow 706 in FIG. 40. Armed with the rights object, the end user willhave the right to download the unabridged version 708 (FULL) of themedia title that has been previewed. The transformation from a devicewithout the unabridged media title to one that does is indicated byarrow 710 in FIG. 40. Alternatively, the end user may download the fulland unabridged version (FULL) of the media title 708 first, as indicatedby arrow 712 in FIG. 40. At this point, however, the end user still doesnot have the right to access the full media title 708, since such titleis encrypted and access to the content encryption key necessary todecrypt such title has been provided to the end user. But after the enduser made the purchase, the end user will have the right to download therights object 704 as indicated by arrow 714 in FIG. 40.

The process of media content distribution using the flow in FIG. 40 issomewhat similar to that in FIG. 23 and is shown in FIG. 41. Thus, thepreview content 702 enables the user to first preview the catalog mediatitles. Memory device thus renders PREY and then prompts the end user,through an end user terminal, to purchase the catalog media titlepreviewed (blocks 722, 724). After purchase has been received, then thefull media title and rights object are supplied to the memory device forstorage (blocks 726, 728). Thereafter, the end user will be able toaccess the media title purchased by decrypting the title and render it.In FIG. 42, the preview content 702 enables the user to first previewthe catalog media titles. The full media title is downloaded followed byreceiving the rights object (this order can be reversed) after thepurchase. Keys can then be used to decrypt the full title for rendering.

Alternatively, memory device 10 may be distributed only with the fullencrypted and unabridged media titles as illustrated in FIG. 38A. If theend user has already purchased the rights to such media titles (FIG.38B), then the memory device will also be provided with the rightsobject and access to the necessary content encryption keys fordecrypting the media titles. If, however, that the memory device for thefull media titles is distributed prior to purchase, the end user willhave to purchase the rights to access. After the purchase, theappropriate rights objects are downloaded (arrow 732 in FIG. 43) toprovide access to the content encryption keys necessary for decryptingthe media titles purchased.

As a variation of such avenue of content distribution, a memory devicewith the full unabridged but encrypted media titles may be stored alongwith the rights object which permits only restricted viewing or accessof such media titles. Also stored in the device is a tracking agent thattracks the usage pattern of the end user and compiles a user profile.See FIG. 44. The restriction may impose a time duration restriction, orthe number of times the media title may be accessed (block 742 in FIG.45). When the user renders the title, the access is tracked and the useraccess profile is compiled (block 744 in FIG. 45). At the expiration ofthe time duration or the count, the end user will no longer be able toaccess the media title, unless the end user then connects the memorydevice to a server. When the memory device is connected to a serverthrough a host or terminal, such user profile is then downloaded to theserver for purposes such as market research. After the access profilehas been downloaded, the rights object may be modified or updated topermit the end user an extended time duration or count for accessing andenjoying the media titles on the memory device (block 746 in FIG. 45).

As yet another possible avenue for media content distribution, memorydevice 10 may be distributed with only the rights object loaded shown inFIG. 39A. Such memory devices must be purchased and it functions similarto a prepaid service card such as a SIM card for phone service. Therights object will permit the end user to download the full unabridgedmedia titles for enjoyment (block 752 in FIG. 46). The rights object maypermit the end user to download a large number of media titles. Thusafter the end user has enjoyed a number of the downloaded titles, it ispossible then for the end user to delete these from the memory deviceand then download the same titles later. In this manner, the end user isnot restricted to the storage capacity of the memory device, but canrepeatedly download and delete media titles from the memory device.

Backup and Reload Control

In some circumstances, it may be desirable to have the capability toback up the contents on a non-volatile memory device such as a flashcard, including not only the media content that may be present, but alsoany rights object that controls access and what can be done with thecontent once it is accessed. However, if this is done without adequatecontrol, this may provide a back door by which the control using therights object can be circumvented. For example, if the rights objectpermits the making of a limited number of copies such as three copies,the rights object will keep track of the number of copies made. Once theset limited number of copies have been made, then the rights object willprohibit any further copying. This restriction can be avoided if a backup copy of the rights object can be made to a storage region prior tocopying and restored to the memory device after three copies have beenmade. By restoring the original rights object that allows three copies,the user can again make three more copies. This process can obviously berepeated, so that the restriction in the rights object can becircumvented altogether. The storage region can be in the same devicefrom which a back up copy of the rights object is made, or in adifferent device.

To prevent this from happening, the rights object is stored in aprotected partition, such as those described above in reference to FIGS.2-4. In order to access such protected partition, an application such asone on a host will need to supply the appropriate predeterminedcredentials to the memory device, before access can be granted. The enduser normally will be able to access the rights object for the purposeof rendering or playing the content controlled by the rights object. Inorder to prevent the end user from accessing the rights object for thepurpose of back up and restoration, the end user credentials permit theend user to only able to read the rights object from the partition, butnot to back up and restore the rights object in the partition. In orderto back up and restore the rights object, credentials different fromthose available to the end user are used. Only applications with suchcredentials may back up and restore the rights object in the partition.The rights object is restored to a protected partition, so that therestored rights object will again be effective in controlling access tothe corresponding content, such as by means of the two different sets ofcredentials: one set permitting only the reading of the rights object,and the other permitting back up and restore.

Preferably, the rights object is deleted from the memory device afterthe rights object has been backed up and stored in a back up storageregion. After the rights object is restored to the memory device, it ispreferably deleted from the back up storage region.

The above features can be applied to a wide variety of non-volatilememory storage devices, where a secure memory area is provided inaddition to a non-restricted memory area.

As an alternative to the above scheme, only certain authorizedapplications having a first set of credentials are allowed to performback up and restoration functions, while other applications having asecond set of credentials different from the first set can only read therights object. Such authorization can be controlled either by the memorydevice, or externally by a server, for example, through a registrationprocess. It is expected that only applications with DRM and/or CPRMcapabilities will have the authority to modify, update, or erase, and/orback up and restore the rights object. This alternative scheme may beuseful whether or not a secure memory area is provided.

As noted above, the rights object may permit the making of a limitednumber of copies such as three copies. In order to enforce such rule,the rights object will keep track of the number of copies made. Thus,when an application copies the rights object, the rights object thatremains on the memory device will need to be updated to keep track ofthe number of copies, if any, that are still permitted after a copy hasbeen made. Moreover, the rights object that is copied will need to bealtered during the copying so as to reflect accurately, whether furthercopies can be made from such copy. Thus, if the end user wishes to allowfurther copies to be made from such copy, it may be preferable to modifythe rights object copied to make this possible. For example, the rightsobject permits a total of n copies to be made from an original, where nis a positive integer. The rights object copied may specify that a totalof m copies may be made from the copied rights object, where m is zeroor a positive integer less than n. In such event, the rules in theoriginal rights object will be updated to permit only (n-m) copies to bemade from the original. Thus, the rights object (the original as well asthe copied) will include the count or number of copies that can be madefrom it, and also the requirement that the copy count will need to bemodified accordingly upon further transfers. When no more copies can bemade from such object, this count or number will become zero.

Rights object for controlling media content may specify the right forunlimited rendering or plays. Alternatively, the number of rendering orplays may be limited as well. If this is the case, the rights objectwill include the count or number of rendering or plays that can still bemade.

As in the case of backup and restoration, the credentials needed toaccess the rights object for the purpose of modifying, updating ordeletion are different from those needed for read only functions. Thecredentials needed to access the rights object for the purpose ofmodifying, updating or deletion may be the same as those for backup andrestoration.

In some embodiments, if an attempt is made to make a copy of such object(i.e. an object from which a copy cannot be made), this will result insuch object being deleted from the memory device (or other storage) whenthe copy is made to another device, as specified in the rights object,for example. After the deletion, the content cannot be accessed anymore,for rendering, play back or any other purpose. In other embodiments, ifan attempt is made to make a copy of such object, the right for limitedor unlimited rendering or plays will be updated to indicate that norendering or plays can be made, or access to the rights object cansimply be blocked altogether except for limited purposes such asdiagnosis, or failure analysis.

The rights object is preferably encrypted by means of a key (preferablyperformed in device 10), and the proper credentials presented to thememory device will cause such key to become available for reading onlyor for writing (which means allowing deletion, modification or updates,backup and restoration) in the manner as described above. Thus, prior toany copying or modification, the rights object is first decrypted. Thenany modification or deletion can be performed in the manner describedabove and the rights object encrypted. The crypto-engine 40 may be usedto perform the encryption. If encryption of the rights object is notdesired, a bypass path (not shown in FIG. 1) without any cryptographicoperation on the data stream, as if the Crypto-Engine 40 is not presentand the HDMA and FMDA are connected directly along this bypass path toBRAM 38 through arbiter 36.

Thereafter, the rights object can be copied if copying is desired andpermitted by the rules in the rights object. However, to make this asecure process, the decrypted rights object to be copied is encryptedusing a session id or key and transmitted to another storage device. Atsuch another storage device, the rights object is decrypted using thesession id or key, and then encrypted again using yet another key (whichcan be from the another storage device, or another source) and stored inthe another storage device. This process can also be carried out for therights object that is backed up and restored.

The above features can be applied to a wide variety of non-volatilememory storage devices, whether or not a secure memory area is providedin addition to a non-restricted memory area.

While the invention has been described above by reference to variousembodiments, it will be understood that changes and modifications may bemade without departing from the scope of the invention, which is to bedefined only by the appended claims and their equivalent. All referencesreferred to herein are incorporated herein by reference. Thus, whilesome of the embodiments are illustrated herein by reference to flashmemories in the form of cards, the invention may also be applicable toother types of memories whether these are in card form or not, such asmagnetic disks, optical CDs, as well as all other types of rewrite-ablenon volatile memory systems. The steps or actions described above may beimplemented by means of software code (e.g. application software) storedin the memory devices and/or the terminals or host devices and/orservers described above.

1. A method for distributing media titles by a non-volatile memorydevice, the method comprising: performing the following in anon-volatile memory device: providing device information to enable thedevice to be certified as genuine; and using a system agent stored inthe device to enable a first service provider to create a firstcorresponding control structure in the device for controlling rightsand/or rules involving access to an encrypted media title stored in thedevice.
 2. The method claim 1, further comprising using the system agentto enable at least an additional service provider different from thefirst service provider to create an additional corresponding controlstructure in the device different from the first control structure. 3.The method of claim 2, wherein each of the control structures specifiesrights and/or rules for access to encrypted media titles stored in thedevice, the method further comprising enabling each of the serviceproviders to have exclusive control over the rights and/or rulesspecified by its corresponding control structure.
 4. The method of claim3, wherein the service providers interact with the device independentlyof one another, so that the rights and/or rules specified by thecorresponding control structure of one service provider is notaccessible by another service provider.
 5. The method claim 1, furthercomprising receiving an media title associated with the first serviceprovider at the device and storing the media title at the device.
 6. Themethod of claim 1, further comprising: receiving a predeterminedcredential from an entity; and decrypting the encrypted media title andsupplying the decrypted media title to the entity.
 7. The method ofclaim 6, wherein the device stores a credential, wherein the decryptionand the supplying occur only when the received predetermined credentialis acceptable when compared to the stored credential.
 8. The method ofclaim 1, further comprising establishing a secure channel between thedevice and an entity in communication with the first service providerfor receiving data from the first service provider to create the firstcontrol structure.
 9. The method of claim 1, further comprising:receiving entity information from an entity to enable the entity to becertified as genuine; authenticating the entity as genuine using theentity information; and establishing a secure connection between thedevice and the entity.
 10. The method of claim 1, wherein the devicestoring a content encryption key used to encrypt the media title storedin the device, the first control structure specifying rights and/orrules for access to the content encryption key for the decrypting theencrypted media title, the method further comprising: receiving from anentity a request to access a media title stored in the device; andgranting access to the content encryption keys if permitted by therights and/or rules.
 11. The method of claim 11, wherein granting accessto the content encryption key comprises decrypting the media title usingthe content encryption key, the method further comprising supplying thedecrypted media title to the entity.
 12. The method of claim 1, thefirst control structure specifying the rights and/or rules so thataccess to the content encryption key is subscription based.